Ransomware In The Cloud: K12’s Misunderstood Threat Vector

by Alexa Sander on May 13, 2021

Do you think Google and Microsoft are protecting your data in the cloud? It’s time to think again

It’s no secret that schools are a top target for ransomware attacks. The number and severity of attacks on school districts increased in the past year. During the same time, many schools expanded their use of cloud applications, like Google Workspace and Microsoft 365. Cloud security is an often misunderstood and unaddressed layer in K-12 cybersecurity strategy. As a result, security vulnerabilities in these applications are contributing to the rise of ransomware in the cloud.

Ransomware can attack data in the cloud and in on-prem storage. The attack can also spread from one location to the other. With many districts using more cloud storage and email apps, and not adequately securing and monitoring them, cloud ransomware attacks are tempting to hackers.

The K-12 Cyber Incident Map showed 50 school districts that publicly reported experiencing a ransomware attack in 2020. Even more than the number of attacks, the issue that is keeping school leaders looking for answers is that the incidents are increasing in severity. Protecting themselves from school ransomware attacks is now top-of-mind for IT teams and district leadership alike.

Schools Hit by Ransomware Attacks

Unfortunately, there is a long list of schools that were victims of ransomware attacks. It’s likely that not all attacks are reported, and information about the resolution of these attacks is sometimes sparse. For example:

Sponsorships Available

Broward County Public Schools One of the largest districts in the nation, Broward was the victim of an attack in 2021. No one knows why the hackers asked for a $40 million ransom from a public school system. But, when the district tried to negotiate down to $500,000 the hackers stopped communicating. The district’s computer system was shut down but, thankfully, classes weren’t disrupted.

Buffalo Public Schools Hackers struck the Buffalo district in 2021. They infected school networks, froze computers, and demanded a ransom. In-class and remote learning had to be canceled for more than a week.

Baltimore County Public Schools The ransomware attack on Baltimore schools canceled online classes and disabled the district’s website. They then worked to recover data from backups, but there is no word on whether a ransom was paid.

Athens ISD in East Texas Hackers attacked the entire network for the district, encrypting all data, and demanding $50,000 in ransom in 2020. The district was in the process of transitioning to remote learning when the attack occurred. Sadly, school officials delayed the start of school for a week.

Other districts reporting ransomware attacks in 2020 include those in Fairfax County, Virginia, Hartford, Connecticut, and Fort Worth, Texas.

Ransomware in the Cloud: Is Data Stored in Google and Microsoft Safe?

The short answer is that ransomware in the cloud is a big problem, and your data will only be safe if your district takes steps to protect it. The days of depending on firewalls, web content filters, and/or cyber insurance are long gone.

The cloud apps you use, such as Google and Microsoft, hold a large amount of sensitive information in Google Drive, SharePoint, OneDrive and cloud email and chat applications. Those applications are built to be easy to access and use, but that also makes them simpler for hackers to breach.

It’s easy to believe that your data is safe because Google and/or Microsoft are going to protect it. Many people make this mistake. But that’s not really the case. Your agreements with Google and Microsoft use something called a shared responsibility model.

In general, the shared responsibility model states that the vendor is responsible for their infrastructure and platform security. They must maintain reasonable security measures to protect their servers that run the cloud apps their customers use.

You, the customer, are responsible for protecting your services, which include your cloud applications and the data stored in them.

You are responsible for using proper access configurations, cloud monitoring to detect anomalies, and then remediating any issues that arise. Your cloud vendors may provide tools to help you secure those services, but they aren’t liable if a hacker gains access to your data using a phishing email or a 3rd party app intrusion, for example.

Cloud Apps Aren’t Immune to Ransomware Attacks

Ransomware in the cloud can cause major damage. For example, let’s say that someone in your district clicks on a malicious link in an email. That click will trigger a program that starts to encrypt all the emails in the person’s account. As intended during normal operation, those encrypted files are synchronized with the files in the cloud storage, and the encryption program jumps to other accounts.

The next thing you know, ransom demands start appearing on monitors everywhere.

Schools are using more cloud applications than ever before. This was a trend that started well before the pandemic led to widespread remote learning. COVID -19 merely supercharged cloud adoption.

To keep student data—and district finances—safe, District leaders and IT teams need to start thinking about cloud security as one of their cybersecurity essentials. The idea that your cyber insurance is going to have you completely covered if an incident is just one of many cybersecurity myths that are harming our nation’s schools.

Adopting models like zero trust cybersecurity and a K-12 NIST Cybersecurity Framework can help your team be in the best position possible to protect, detect, and respond to a ransomware attack on your district.

The most important thing to take away from this is that you’re not simply “covered” by Google and/or Microsoft. It is not their responsibility to protect your data or access to it. Ransomware in the cloud isn’t going to go away. Your best approach is to put the cloud protections you need in place now.