As remote learning and employment have increased during the coronavirus pandemic, so have cyberattacks by criminals holding data hostage for a ransom.
One recent target was Fairfax County Public Schools in Virginia, the 12th-largest school district in the U.S. The scope of the attack on the district’s technology systems is not yet known, a Sept. 12 statement from the district said.
“If it is determined in the course of our investigation that personal information has been compromised, we will take steps to notify affected individuals as appropriate,” the district said, adding that the FBI was investigating.
The Fairfax County case is one of at least 219 attacks nationwide this year affecting school districts, governments, and other businesses and organizations, according to Brett Callow, a threat analyst for anti-malware company Emsisoft.
An email to Lucy Caldwell, a spokeswoman for the district, was not returned. A message could not be left with the media relations office because the voicemail was full.
The frequency of attacks underscores how organizations have struggled to contend with ransomware, a form of malware that makes files and systems inaccessible until a ransom is paid.
“We’re seeing attacks grow at an extraordinary rate,” Terry Oehring, the CEO of cybersecurity firm Solis Security, said in an email. “Unfortunately, a lot of the breach cases are due to a lack of basic controls that everyone should have in place by now. With a basic amount of security hygiene, I believe that many of the successful attacks would not have occurred.”
Schools are an active target because they’ve moved to virtual learning and have not invested in safeguards, Oehring said. Smaller companies are in similar circumstances, he added.
“Smaller businesses often think they won’t be the target of an attack, yet we’re seeing an increasing frequency of them being compromised,” Oehring said. “Due to lack of security awareness and the absence of basic controls, they often make for easy targets.”
Ransomware attacks have been one of the top reasons for cyber-insurance claims filed in the first half of 2020, according to a recent report published by Coalition, a cyber-insurance company. The attacks accounted for 41% of claims, according to data based on findings from 25,000 small and medium-sized companies in the U.S. and Canada. Exploitation of remote access during the pandemic was found to be the “root cause” of ransomware incidents.
Coalition reported a 47% increase in ransom demand among its policyholders from the first quarter of the year to the second. The average ransom demand from April to June was nearly $350,000, the report said.
Newer strains of ransomware, Maze and DoppelPaymer, are more complex, allowing cyber-criminals to demand higher ransoms, the report said.
The Maze cybercriminal gang claimed responsibility on its website for the attack on Fairfax County Public Schools and uploaded a zip file of data it claims was stolen from the district, InfoSecurity Magazine reports. The threat group’s website has since been taken down.
The pandemic may be accelerating the frequency of cyberattacks and ransom demands, but they are not new. The City of Baltimore came under attack in May 2019 when its computer systems were compromised by the ransomware RobbinHood. Other cities, including Atlanta and Pensacola, Fla., have also been affected.
The FBI received more than 2,000 ransomware complaints in 2019, resulting in adjusted losses of nearly $9 million, up from nearly 1,500 victims who told the FBI about $3.6 million in losses the previous year.
FBI Director Christopher Wray urged the private sector to be proactive about cyber attacks in a speech last week at the Cybersecurity and Infrastructure Security Agency cybersecurity summit in Washington, D.C.
“Agents in every single FBI field office spend a huge amount of time going out to companies and universities in their area, establishing relationships before there’s a problem, and providing threat intelligence to help prepare defenses,” he said. “We might not be able to tell you precisely how we knew you were in trouble — but we can usually find a way to tell you what you need to know to prepare for, or stop, an attack.”
(Edited by Ron Panarotti and Emily Crockett)