Ransomware Has Not Even Spared Schools: Time To Be Cautious

The FBI, CISA, and MS-ISAC have collaborated on a joint Cybersecurity Advisory (CSA) to share Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) related to Vice Society actors, which were identified in FBI investigations as September 2022. 

The three agencies have noted that Vice Society actors have been focusing their ransomware attacks on the education sector more frequently.

🚨 ACTIVE CYBERSECURITY THREAT TO SCHOOL DISTRICTS‼️ @FBI, @CISAgov & the MS-ISAC released a joint #cybersecurity advisory detailing #IOCs and #TTPs associated with the #ViceSociety #ransomware group. https://t.co/mZqbNL0rbW#StopRansomware #InfoSec pic.twitter.com/ZmRr8VGWom

— CISA Cyber (@CISACyber) September 6, 2022

What’s happening

• K-12 institutions have frequently been targeted by ransomware attacks over the last few years.
• These attacks have led to a range of negative consequences, including restricted access to data and networks, canceled school days, delayed exams, and unauthorized access to the personal information of students and staff.
• The FBI, CISA, and MS-ISAC believe that these attacks will likely increase as the 2022/2023 school year begins and criminal groups see more opportunities for successful attacks.
• Schools with limited cybersecurity resources are the most vulnerable, but even those with robust cybersecurity programs are at risk due to opportunistic targeting by cybercriminals.
• K-12 institutions are seen as especially attractive targets because they often have large amounts of sensitive student data accessible through school systems and their service providers.
• The FBI, CISA, and MS-ISAC urge organizations to follow the mitigation recommendations in this CSA to lower the risk and impact of ransomware incidents.

Preparing for attack-CSA recommendations

• It’s crucial to maintain offline backups of data and regularly check them for restoration. This practice helps ensure that organizations will not experience severe interruptions or irretrievable data loss.
• Make sure that all backup data is encrypted, immutable, and encompasses the entire data infrastructure of the organization. Verify that backup data is not already contaminated with malware.
• Assess the security posture of third-party vendors and other interconnected entities within the organization. Ensure that all connections between third-party vendors and external software or hardware are monitored and reviewed for any suspicious activities.
• Establish policies for listing applications and remote access, allowing only known and permitted programs to run according to established security policies.
• Monitor and document external remote connections, recording approved solutions for remote management and maintenance. Organizations should immediately investigate any unapproved solutions installed on a workstation.
• Implement a recovery plan that maintains and retains multiple copies of sensitive or proprietary data and servers in a physically separated, segmented, and secure location, such as a hard drive, storage device, or cloud service.

Concluding thoughts 

With such cyber ware theft attacks in action, comes the role of data backup and protection. It has now become something one must never compromise. If high-profile agencies, companies, and businesses can not stay safe then, how can we rely on schools to be safe? Digital safety is now a big question and we all need a satisfactory answer to that. Stay vigilant, and stay safe!