Ask The Expert: School Cyberattacks

November 23, 2022 - JJ Thomas

Recently, Jackson Intermediate School District had to close all public schools in Jackson and Hillsdale counties for multiple days due to a cyberattack. Hackers utilized ransomware to gain control over the School District’s technological infrastructure.

We sat down with Dr. Tom Holt, a cybercrime expert and Professor in the School of Criminal Justice, to discuss the recent attacks and how to prevent these types of events going forth. 


What is ransomware?

Ransomware is a form of malicious software that effectively encrypts all the files on a computer, and can spread to other computers on the same network and do the same thing. Once the files are encrypted, they can only be decrypted by paying the malware operator a fee, or ransom. Unfortunately, this often means victims must pay that fee in order to restore access to their files.

Have you ever heard of a School being hacked like this?

Yes, this has happened to schools, hospitals, law firms, and virtually any industry category you can think of. This is a common type of attack because the targets pay in most all circumstances. As a result, it is a high-profit form of cybercrime.

What is the best course of action if a School district is hit with a cyber attack like this?

Should a school get compromised, the first thing to do is to try to remove those systems from the network to minimize any further spread. Then, a triage is needed to determine how much data may have been encrypted and to what degree services may have been affected. It is also essential to contact law enforcement (state or federal) in order to obtain guidance on next steps, including ransom payments.

What do School districts need to do to protect themselves from future attacks?

One of the most important things that can be done is to educate employees on the risk of ransomware and understand how the attacks often start. Many scams involve the use of phishing emails that try to draw out an employee to click on an external link that will enable the malware to be installed and start moving through the network. Education can help to reduce the risk of successful compromises. In addition, having a sound IT security policy in place is vital, as is a carefully monitored intrusion detection system that can identify when an attack is in progress and limit movement within the network.

How can we protect ourselves from ransomware?

The best steps are to be cautious when you receive an email that looks suspicious or requests immediate action. In addition, having up-to-date, active antivirus software in place can help to reduce the risk of an infection activating if you download or attempt to activate malicious code. Lastly, regularly backing up your files to an external hard drive or cloud storage is an effective way to ensure if you are hit with ransomware that you may not need to pay to have your system files decrypted.