Department of Education issues alert
September 03, 2020
The Department of Education recently issued a technology security alert, warning of an active ransomware campaign targeting educational institutions.
In a Sept. 1 Electronic Announcement, the Department's Office of Federal Student Aid (FSA) said it has identified multiple ransomware attacks in which access to sensitive data and systems was denied unless a ransom was paid.
In the Announcement, the Department said multiple schools have reported that attackers are targeting their institutions with ransomware. According to the Announcement, phishing attacks have been used to gain access to account credentials that the attackers then use to install and propagate ransomware across a network. The Department said some institutions have lost access to critical systems and data, impacting their ability to operate.
The Department said it is strongly encouraging each school to strengthen its cybersecurity posture by implementing cybersecurity best practices, including:
- Establish a data backup process, ensure the backups are available and accessible, and store the backups offline
- Implement multi-factor authentication to mitigate account compromises
- Regularly patch hardware and software
- Continuously monitor the institutional network to detect unauthorized access and malware
- Create and update your Incident Response Plan
- Ensure training resources emphasize phishing, as it is frequently the compromising entry point for ransomware attacks
Further details are available on the Cybersecurity and Infrastructure Security Agency (CISA) information page on ransomware, located at www.us-cert.gov/Ransomware. Questions about the Electronic Announcement may be sent to FSASchoolCyberSafety@ed.gov.