[gravityform id=21 title=false description=false ajax=true tabindex=49]
Ransomware is a type of malicious software (malware) that encrypts the data on a computer or network and demands a ransom for its decryption. The ransom is usually paid in cryptocurrency, such as Bitcoin, which makes it difficult to trace the attackers. The attackers may also threaten to delete or expose the data if the ransom is not paid within a certain time frame. Ransomware attacks are often carried out by cybercriminal groups that target vulnerable systems and networks.
Ransomware can infect a computer or network through various methods, such as phishing emails, malicious attachments, compromised websites, or remote desktop protocol (RDP) vulnerabilities. Once the ransomware is executed, it scans the system for files and encrypts them with a secret key that only the attackers know. The ransomware then displays a message on the screen or creates a text file with instructions on how to pay the ransom and decrypt the data.
The best way to protect your school from ransomware attacks is to prevent them from happening in the first place. Here are some best practices that you can follow to reduce the risk of ransomware infection:
If your school has been targeted by a ransomware attack, it is important to take immediate action to minimise the damage and prevent further spread of the malware.
Following are the steps that your school is recommended to take:
After detecting a ransomware attack, the first crucial step is to isolate any compromised systems or software from the network. Immediate action must be taken to shut down servers and devices using the compromised software. By disconnecting these affected systems, the spread of the malware can be contained, preventing further damage. Seeking assistance from your trusted IT provider is strongly advised to facilitate this process effectively.
Without delay, inform your IT provider about the attack and seek their guidance and support. Simultaneously, it is imperative to notify the Ministry of Education, ensuring that they are aware of the situation and can provide necessary assistance. Additionally, if your school has an insurance policy covering cyber incidents, promptly contact your insurer to initiate the claims process. These actions will facilitate expert technical assistance, a comprehensive assessment of the damage, and access to resources that can aid in recovery.
If possible, you should check your backups and attempt to restore any encrypted or lost data if possible. This will help you recover from the attack and minimise the impact on your operations. Seek professional advice and get help from your IT provider or relevant experts on the most effective restoration methods to employ.
You should report the incident to CERT NZ, the national cyber security agency. CERT NZ can provide advice and guidance on preventing and recovering from ransomware attacks. By reporting the incident, you gain access to their expertise in preventing future attacks, identifying the attackers, and receiving essential guidance for recovery.
Transparent and timely communication is crucial when responding to a ransomware attack. Engage in clear and informative communication with your staff, students, and parents, outlining the situation and potential impacts on their online services and data. This will help prevent confusion and ensure that everyone is aware of the situation. According to the Official Information Act 1982 (OIA), your school may need to comply with certain obligations when communicating with staff, students and parents about a ransomware attack.
You may need to:
- Respond to any requests for official information from staff, students, parents or other parties, unless there is a good reason to withhold it under the OIA¹².
- Protect the privacy of any personal information that may be affected by the attack, and notify the individuals concerned if there is a risk of harm or loss¹³.
Therefore, it may be best to seek advice from a lawyer to communicate the correct and necessary information, especially if the attack involves sensitive or confidential information, or if there are legal implications or obligations⁴⁵. You may also want to seek advice from a cyber security expert to help provide guidance on how to protect staff and students' personal devices and data from future attacks, and inform them of any resources or support available²³
Ransomware attacks have become a growing concern for schools around the world, and it is crucial to have a reliable antivirus solution to prevent these types of attacks.
Here are some important factors that school IT providers should look for when choosing an antivirus solution:
For an in-depth explanation, please download our full ransomware guide.
Choosing the right antivirus solution is crucial for preventing ransomware attacks in schools. New Era Technology has an Antivirus Solution that provides schools with a powerful defence against ransomware attacks. The advanced threat detection capabilities and proactive approach ensure that your valuable data and operations are protected from evolving cyber threats. By choosing our solution, you can take a proactive stance against ransomware, safeguard your school's digital environment, and ensure uninterrupted learning for your students.
Contact us to learn more about ways you can protect your school