Why are schools so much more vulnerable to ransomware?

Why are schools so much more vulnerable to ransomware?

6th March 2017 Security


It is not news to anyone who reads my posts that cybersecurity is one of the most important elements of any business strategy in this day and age. Although I usually write about the technicalities behind hacks and try to explain the best ways to prepare or avoid them, I feel that it is also important to share my thoughts on more of a personal side. After all, any form of hack causes people emotional distress, whether that be via financial loss, ruining people’s jobs or even taking them away.

Last week I delivered a webinar with Alan Case, Heimdal Security’s Country Manager, to a number of schools and businesses within the educational sector and it got me thinking about recent hacks in the news and the possible effects that ransomware and hackers could have in this particular industry.

Just last month, the websites of All Saints Primary School in West Bromwich and Perton Middle School in Wolverhampton were hacked by an unknown political activist who displayed messages across pages of the websites relating to Peshmerga, an army of Kurdish fighters in northern Iraq who played a role in the mission to capture Saddam Hussein in 2003 and who are currently fighting ISIS in Syria. The hacker managed to break into the outdated version of WordPress, the provider used to hold the schools’ websites and make additions to certain pages in the form of images and text. One of the messages was displayed on the blog page about a recent arts festival event held at the Perton Middle School. It was only discovered that the website had been hacked once one of the parents, who had been using the website, phoned up to inform staff at the school. The website was only 18 months old and although the message was taken down as soon as it was reported, this could have been too late had the hacker had intentions other than simply to make a political statement. There was no vulnerability of student usernames, passwords or personal data as none of it is accessible through the website, but this is not the only element of the website that could have been useful. I hope that all of our partners, or anyone who is aware of Brigantia, understand the threats that come with modern day hacking and the sophistication of some of these procedures. Have a look through some of my previous posts for examples.

The motive of this particular website infiltration is not especially relevant here, but the point I want to make is about the opportunities that were at the hands of this hacker and the harm and loss that could have taken place if they so wished. Just to provide some high level examples, by having the ability to edit the websites, the hacker could have added malicious links to the page through advertisement sections, added links to download “important school documents” or even by requesting that all parents send their details to a certain email address for “verification”. The repercussions of any of these are varied: parents or site visitors could have downloaded a document and opened up their machine to ransomware, sent their personal details to the hacker to be used for making payments, sold access to the website to other, more dangerous individuals to make use of.

The effects of any or all of the actions above could then have led to the following:

  • The control over these parents could have been used as ransom over the school to make a larger payment in return for ‘releasing’ the parent’s infiltrated computers. The school would arguably be responsible and would, therefore, feel obliged to do all that they could to repair the parents’ machines.
  • The hacker could have used a social engineering strategy to demand financial payment. Given the infiltrated machine(s) is the parent of a child at school, they could have accessed any personal or private pictures/data on the machine regarding the child and threatened the parent via their screen to use or release that information in compromising ways. I have already covered social engineering hacking in an article about Ransoc here.
  • As a final example, with a bit of work and thought, the school server could have become infiltrated, opening the door to more serious situations involving student records. The hacker could have demanded much larger sums of money, as this could potentially leave the school in a ‘shutdownable’ state.

To summarise, the compromised position of these two school websites could have been catastrophic. Although in this instance it wasn’t, with the infiltration being used to make a political point, no one was aware of who the individual was that broke in. Had the motive been financial, it could have caused a huge amount of loss and emotional damage. The difference with schools against any other organisation or area of the internet is that you expect full trust form the get-go because you’re dealing with something that involves the upbringing of your own children. This makes site users so much more vulnerable.

Ransomware can take full advantage of vulnerabilities in any hacked website. Pop-ups, advertisement or web links can be utilised to draw someone in and sometimes not even a click is required to activate the potential destruction. Over the past year, nearly 60% of higher education institutions have been attacked by hackers. A worst case example would be Lincolnshire County Council, who had to pay out £1million and shut down their entire system network for a week. With schools, the sensitive student data kept makes the risk even greater and could lead to even worse ransoms.

The important message from this article is that all schools should be using specialist ransomware solutions to protect themselves from these sorts of threats. It is far too common that we speak with institutions that only use antivirus. The most comprehensive solution at negating these threats is Heimdal Security.

See why here:

This is why Brigantia will be continuing to hold special events for the education sector throughout 2017 in an attempt to take the risks away from schools and most importantly, young people.

About the author

Henry Chaw:

  Join our newsletter