The district ceased all academic activities last week in response to a ransomware attack. Investigations remain ongoing.

Students Return to Classes… Kind Of

Back to the good old days of pencil and paper.

A ransomware attack hit Huntsville City Schools on Monday November 30th, closing the entire district for the rest of that week. Students, most of whom have been learning remotely due to COVID-19, returned to classes this Monday, but with a twist. Due to the ongoing nature of forensic investigations into the origin of the attack, students are still not permitted to use electronic devices to access academic networks. As a result, teachers were forced to create study packets and homework assignments on paper (gasp!).

While a return to old-fashioned pencil and paper assignments may seem harmless and even nostalgic, it represents the dark side of ransomware attacks and the business interruption they can cause. After all, not every business can simply revert back to working on paper. Earlier this year, a similar attack prevented a German hospital from accepting new patients, ultimately leading to the first ever ransomware homicide charges being filed.

Related: 2020 Has Seen a Record Spike in Ransomware

Why are school districts a common target for hackers?

There are many reasons hackers target American school districts, but for the sake of this article, let’s discuss the top three:

  1. Schools, similar to local governments, are low-hanging fruit for cyber criminals because their IT departments are typically understaffed and significantly underfunded.
  2. Related to point #1, school districts and governments often run legacy software and systems. These products are exceptionally vulnerable to hack attacks, and usually do not receive any sort of regular support or maintenance.
  3. Finally, remember that human error remains the #1 cause of cyber attacks in the United States. Tricking people into opening phishing emails is the most common point of entry for hackers, and the large number of students and staff in a given district makes for a perfect target audience.

The startling truth about ransomware in 2020.

As employees and students alike have shifted to at-home work environments due to COVID-19, hackers have greatly ramped up their ransomware efforts. Some key stats:

  1. 68% of ransomware attacks begin with a phishing link¹.
  2. Phishing attacks have increased 668% since the start of the pandemic¹.
  3. 85% of ransomware attacks targeted Windows systems¹.
  4. The average ransom demand has risen from $5k in 2018 to $100k+ in 2020².

Are ransomware attacks covered by cyber insurance?

Yes. Here’s how.

Evolve’s cyber policy agrees to reimburse the Insured for any ransom paid by the Insured, or on the Insured’s behalf, in response to an extortion demand first discovered by you during the period of the policy as a direct result of any threat to:

  • introduce malware, or the actual introduction of malware, including Ransomware, into your computer
    systems;
  • prevent access to your computer systems or data or any third party systems hosting your applications
    or data;
  • reveal your confidential information or confidential information entrusted to you; or
  • damage your brand or reputation by posting false or misleading comments about you on social media
    sites.

In addition the the ransom payment itself, ransomware attacks often require data restoration and/or data recreation. Evolve intends to cover those costs, as well as IT Security and Forensic Costs ($500/hr), Crisis Communication Costs ($500/hr), and in the case of a privacy breach accompanying the ransomware attack, we cover both 1st and 3rd Party Privacy Breach Management Costs ($1-3 per individual).