InaCOMP InSights

Ransomware on the Rise in K-12 Institutions

Posted by Jamie Ogden on Nov 23, 2016 9:30:00 AM
Find me on:

Every day, security professionals face a changing threat landscape, which is characterized by sophisticated attacks, targeted emails, and major profit motive. 

According to the FBI, ransomware is quickly approaching a $1 billion annual market, and attackers no longer spare schools and libraries from their attacks.  

Ransomware K12 On the Rise


February of 2016, a South Carolina school was advised by a technology consultant to pay an $8,500 ransom after falling victim to an attack. The consultant estimated that the ransom would be much cheaper than the cost of pursuing alternative data-restoration avenues.

 The attack was incredibly disruptive. Servers needed to be shut down to keep the malware from spreading, and thousands of computers, tablets, and iPads were encrypted, isolated, and rendered virtually useless. 

Adding even more stress, the perpetrator of the attack gave the school one week to either pay up or permanently lose their data.

The school district’s administration quickly decided that the daily value of giving 43,000 students and 3,800 faculty members access to their essential projects, planners, and educational materials far surpassed the $8,500 ransom.

This is the catch-22. Administrators often find it’s cheaper to pay the ransom than find alternative ways to restore encrypted files. In paying the attackers, however, victims are incentivizing the malicious activity.

The FBI advises organizations against paying attackers because it perpetuates the activity and there’s no guarantee that the attacker will, in fact, restore the files once the initial ransom amount is paid.

Furthermore, any payments to the perpetrator(s) of ransomware attacks are untraceable as they’re typically made in bitcoins, a secure, digital currency that protects the anonymity of the recipient.


Due to the complexity, short timelines, and productivity disruption large-scale ransomware attacks pose, proactively blocking attacks in the first place is the best solution.


Educational facilities like schools and libraries are particularly vulnerable to ransomware attacks due to the sheer number of individuals and devices connecting to their networks.

Without proper protection, ransomware could find its way into your network through an infected mobile device connecting to your network; a no-longer-updated but still functional server used for archival purposes; or by a well-meaning employee unwittingly clicking on a malicious alert disguised as a legitimate system notification.

That being said, there are a number of affordable malware-blocking services available, so there’s no reason your educational facility should fall victim to such an attack.

Here are a few things you can do to avoid falling victim to ransomware attacks: 


  1. Raise Awareness

Raise awareness of ransomware in k12

Simply educating your employees and other network users about the risks lurking online can go a long way in helping you prevent accidental infections. Here are just a few ways your network users can help prevent ransomware infections: 

  • See a suspicious email? Don’t click on it. Instead, report it as spam.
  • See a strange security pop-up? Don’t click on it. Instead, press CTRL + ALT + DELETE and launch the Task Manager, highlight the malicious task, and press END TASK.
  • Never ‘save to desktop’. Ransomware attackers gain their power by controlling your data and files. If you have a backup solution in place and users save files to your network rather than their local drive, they’ll improve their chances of having their files restored without having to pay a ransom.
  • Has a ransomware notification popped up on your screen? Immediately disconnect from the network, shut down your computer/device, and notify your network administrator.

Just sharing these four basic items with your network users could save you a great deal of trouble. And if you have an on-site technician or managed service provider, you could partner with them to gain even more insights into what your specific users can do to further prevent data breaches.


  1. Back Up Daily

Virtual data kidnappers can’t succeed if you have a secure backup solution in place that saves your data daily. Keep in mind that not all backup solutions are created equal. You’ll want a solution that will still be intact and usable even if your network is compromised.


  1. Get Regular IT Network Risk Assessments

get regular it checkups ransomware k12

What you don’t know can hurt your data. Your network is constantly changing as new updates and patches are applied and new hardware and software is installed. Just because everything was secure two months ago doesn’t mean it is today.

Getting quarterly IT network risk assessments can help you see where vulnerabilities in your network arise so that you can proactively correct them.

While your internal team could certainly use a remote monitoring and management (RMM) platform or IT assessment tool to conduct quarterly network risk assessments, sometimes it makes more sense to have an objective third party—like a managed service provider—conduct them for you. 

Many managed service providers will even include a quarterly business review/risk assessment in your annual plan.


Preventing Ransomware


prevent ransomware k12

While the above steps will get you started down the path to preventing ransomware attacks at your educational institution, there are a number of other steps that can be taken to prevent malware and ransomware callbacks and propagation—and detect credential theft, data leaks, and security policy violations. 

Whether your technology solutions live in the cloud, on-site, or a little of both, InaCOMP can partner with you to build a comprehensive security solution that proactively defends your network against costly ransomware attacks. 

Discover educational institutions that trust InaCOMP to deliver secure and always-available technology services and solutions. 

Did you miss our K12 Ransomware & Security Webinar we recently held with Cisco? No problem! Click here to veiw a recording of this interactive webcast: 


Topics: InaCOMP, Ransomware, Security, Education