
Parents were at the end of their chain — then ransomware hit their kids' schools

05:55, 13 April 2021. Source: nbcnews.com


The ransomware attack on her daughter's school was the last thing Glynnis Sanders needed.


Like most parents, Sanders has been performing a daily juggling act. When she's not teaching special education classes at Buffalo Public Schools, she and her husband are usually making sure their three kids are attending their remote classes.

So it hit hard when hackers struck the school of her youngest daughter in early March, the Friday before she was supposed to finally return to in-person learning twice a week.

“It’s very frustrating. You think, how could this happen? You wonder if your information is secure,” Sanders said. “It’s just the headache of Covid as it is, and it’s adding to the stress of the school year. Like what else could happen?”


The hackers infected Buffalo’s schools with malicious code that spidered through their networks, freezing computers and making it impossible for teachers to reach their students who were working remotely because of the pandemic. They demanded a ransom to make it go away.

School officials canceled remote classes for the day while they figured out what to do. They would end up needing more than a week to resume their planned class schedule. A single infection of a school district can affect dozens or hundreds of schools: Buffalo counts 63 individual schools and learning systems.

In public statements, Buffalo Public Schools referred to what happened broadly as a “cybersecurity attack.” But it wasn’t a mindless act of internet vandalism. Buffalo had become the latest in a long spree of ransomware attacks, a type of hack where malicious software locks as many related computers as possible, rendering files inaccessible in an attempt to coerce victims to pay up.


Image: Glynnis Sanders, a parent with children in the Buffalo school system, on April 2, 2021. (Libby March / NBC News)

The attack underscores how a once obscure form of cybercrime now preys on Americans almost daily. While some ransomware gangs spend months targeting large businesses in hopes of a giant payday, many also go after institutions that don’t have dedicated cybersecurity staff or expensive cybersecurity contracts to better protect them from hackers, like hospitals and city and county governments, which are often wide open to attack.

Schools are soft targets, too — and during a pandemic, particularly soft ones. Cybercriminals have recently ramped up attacks against American public school districts, with at least 44 of them this school year alone, according to a count by Allan Liska, a ransomware analyst at the cybersecurity company Recorded Future. The FBI issued a warning in mid-March that ransomware attacks against schools were spiking, but the U.S. federal government has limited power to stop ransomware attacks. As recently as Thursday, schools in Haverhill, Massachusetts, had to close.


Cybersecurity company Emsisoft has estimated that ransomware attacks cost the U.S. more than $1.3 billion in 2020. The FBI often is the primary agency responding to ransomware attacks in the U.S., but as the agency focuses more on arrests than on disruption, and most ransomware gangs operate in countries where it's hard or impossible to get cybercriminals extradited, it’s rare for the criminals to face serious repercussions.

A spokesperson for Buffalo schools declined to comment, citing an ongoing FBI investigation, and the agency also declined to comment. But school officials were clearly caught off guard by the severity of the hack, as they spent the next week issuing last-minute class cancellations.

After calling off all remote classes for the day that first Friday, they announced Sunday evening that there would be no class whatsoever on Monday. Then Monday evening, they cancelled in-person learning through Wednesday, then Wednesday evening extended that ban for the rest of the week.

“Tuesday night we found out late," said Gary Cartwright, a father of four kids in the district. "Monday night we found out late there was no school. Sunday night, late."


To pay or not to pay

The FBI and the U.S. Cybersecurity and Infrastructure Agency, the federal agencies that respond to ransomware victims, officially don’t recommend paying a ransom to hackers, both because doing so can encourage them to target more victims and because there’s no guarantee that the hackers will honor the agreement. Paying isn’t illegal in most cases, but it’s still a risky prospect: A recent survey by the cybersecurity firm Kaspersky found that just over half of ransomware victims chose to pay, but 17 percent of those who did still never recovered their files.

But sometimes a school will try to pay, only to find it impossible to negotiate with the hackers. In March, after negotiations broke down between one gang and the Broward County, Florida, school system — one of the largest school districts in the country, with more than 260,000 students — the hackers published the transcript of their conversation on their website. The conversation shows the gang initially asked for $40 million in ransom, to the school official’s bafflement.

Image: Excerpted conversation between a Broward County Public Schools official and a member of a criminal ransomware gang posted to the gang's blog.

A spokesperson for the Broward school system declined to comment on the published negotiations but said in a statement, “We have no intention of paying a ransom.”


Even when a school catches the attack early and chooses not to pay the hackers, the costs can be severe, as was the case when the Affton, Missouri, school district was hit in February. The district’s director of technology, Adam Jasinski, received an early morning text message from a teacher with a photo of a computer showing a ransom note.

"Hi Company, Every byte on any types of your devices was encrypted," the hackers wrote. "Don't try to use backups because it were encrypted too."


Recognizing the potential for ransomware to spread quickly from computer to computer, Jasinski quickly ordered them all shut down and began examining computers individually to see which ones were infected. Only 30 were, and the school was able to replace them and resume classes the next day.

But the hackers weren’t done. As retaliation, they published files they were able to exfiltrate from the infected computers, which included scores of tax and human resource documents like notes on teachers and their pay and the school’s tax documents since 2018.

Jasinski said despite that hassle, he’s still confident he made the right decision.

"One thing I hope people take away from experiences like ours is don’t pay the ransom, because it only encourages them," he said.

'A matter of national security'

Most of the damage is done by a dozen or so hacker groups, which effectively run as organized crime rings. Their members’ identities are largely known to the FBI and U.S. Secret Service, officials at those agencies say, but they tend to live in Russia or other Eastern European countries that don’t extradite their citizens to the U.S.


The Biden White House has a plan to deal with ransomware hackers, but such a plan is still several weeks away, said Anne Neuberger, a top White House cybersecurity adviser.

"Ransomware is a matter of national security because it affects so many Americans, including our small businesses, and state and local governments," Neuberger said in an emailed statement. "Making progress to address ransomware will require cooperation with international partners."

In some cases, hackers make remote learning nearly impossible. Huntsville City Schools in Alabama, which allows parents to choose whether their kids go to in-person classes or learn remotely through the Huntsville Virtual Academy, sent everyone home on Monday, Nov. 30, the first day back after Thanksgiving break, because of a ransomware attack.

It took a week for in-person classes to resume. But because of lingering issues with school devices, HVA students for weeks learned purely through “paper packets,” with no interactions with their teachers. Every Sunday, parents dropped off their students' previous week of paperwork and picked up a new week’s worth.

Brooke Abney-Stratton, a mother to an elementary school student and a middle school student in the district, saw her mother hospitalized with Covid-19 in July and didn’t hesitate to enroll her kids in HVA at the beginning of the school year. While she had mixed feelings about the program’s deployment before the cyberattack, she said her children had no direct interactions with their teachers in December — just packets of paper she shuffled back and forth.

"The virtual academy kids — my kids — had no access to email their teachers. No administrators. Nothing," Abney-Stratton said in a phone interview. "They were handed a paper packet, told to do the work and turn it back in, while the other students who were traditional in-person students were in a classroom every day."

"It took until after New Year’s to get my son logged back in," she said. "It’s been the worst experience. I never could have imagined."
