FBI Alert Highlights Heightened Ransomware Threat to Education Institutions
On March 16, 2021, the FBI issued one of its rare flash alerts warning of a quickly accelerating wave of Pysa ransomware attacks targeting education institutions in 12 U.S. states and the United Kingdom.
Unidentified actors are specifically targeting higher education, K-12 schools, and seminaries, exfiltrating data before encrypting the victim's systems in order to facilitate eliciting ransom payments.
This alert continues the upward trend in targeting of education institutions that began in March 2020, a trend that led to the Cybersecurity & Infrastructure Security Agency (CISA) alert of December 10, 2020, advising of increased disruption of distance learning efforts by cyber actors via ransomware and other malware.
The FBI has provided the following list of recommended mitigations that should help detect and block ransomware attacks against educational institutions and other organizations:
- Regularly back up data, air gap, and password-protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Implement network segmentation.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
- Install updates/patch operating systems, software, and firmware as soon as they are released.
- Use multi-factor authentication where possible.
- Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts. Implement the shortest acceptable timeframe for password changes.
- Disable unused remote access/RDP ports and monitor remote access/RDP logs.
- Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on awareness and training. Provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).
The FBI also urges organizations to report any cyber-attacks to their local FBI field office or the Internet Crime Complaint Center (IC3) as soon as possible.
Find out more about how you can protect your organization’s data against ransomware, and contact us. Our professionals can evaluate the cybersecurity and IT challenges you face and assist with development of risk-prioritized roadmaps to increased security.
Authored by David Friedenberg, CISA, CRISC, CISSP, PCIP, QSA.