State responds to cyber attack on school system
Stephenson Technologies Corporation at LSU offers tips on how individuals can protect themselves from future cyber-attacks
This week, several Louisiana school systems were victims of the most pervasive ransomware attacks in the state’s history. Digital thieves successfully injected malware in several parish networks, making north Louisiana one of several areas in the country that have also fallen victim to cyber-attacks.
Ransomware is malicious software designed to deny access to a computer system or data until a ransom is paid. It’s typically spread through phishing emails or by unknowingly visiting an infected website. Once infested, the thieves hold the user’s data hostage until a ransom is paid, usually in digital currency like BitCoin.
“Ransomware is not new,” said Jeff Moulton, Stephenson National Center for Security Research executive director. “It’s growing in use at the state and local levels because the attackers know government agencies, especially at the lower levels, are likely to pay.”
Moulton also said that hackers know that local government agencies including school districts often do not have the systems in place to protect against cyber-attacks. Hackers also may target these agencies because shutting down or interrupting services is unacceptable.
Governor John Bel Edwards declared a state of emergency and activated Louisiana’s Emergency Support Function 17, which is a cyber-incident response plan. LSU’s Moulton oversees the ESF-17 subcommittee.
LSU’s applied research affiliate, the Stephenson Technologies Corporation, or STC, is working with the Governor’s Office of Homeland Security and Emergency Preparedness, or GOHSEP, the Office of Technology Services and the Louisiana National Guard Cyber Team on this criminal event. Three LSU STC information systems security engineers are on site in the affected parishes assisting with the recovery efforts.
“Thanks to Gov. Edwards’ foresight into cybersecurity vulnerabilities, he created the Louisiana Cybersecurity Commission to respond quickly and effectively to attacks like these,” Moulton said.
He offers the following tips on how individuals and institutions can protect themselves from future cyber-attacks:
- School districts throughout Louisiana must educate their workforce to stop, think and click before opening any email. If it doesn’t look right, don’t open it.
- Implement a two-factor authentication system.
- Have a manual back-up system.
- Parents and guardians should give out as little personal information on their children as possible.
- Parents and guardians should write a letter to the three credit agencies to lock and freeze their children’s credit so predators cannot access their children’s social security numbers.
- Encrypt your data at rest.
- Stop. Think. Click.