Hear Ransomware Victims Describe the Response & Recovery Lessons Learned at Virtual Event for IT Practitioners

Free Webinar by K12SIX Scheduled for Aug. 16

School cybersecurity nonprofit K12 Security Information Exchange is holding a free professional development webinar for education sector IT practitioners on Aug. 16, featuring an extended case study of Northshore School District’s response and recovery work following a crippling ransomware attack targeting the Washington district in 2019.

The webinar, “The Long Tail of K–12 Cyber Incident Response and Recovery,” will include a discussion of recovery best practices, “with a special focus on the long-term work of incorporating lessons learned,” led by Northshore School District network operations manager Jon Wiederspan and network security engineer Alexander Delgadillo, with Doug Levin, national director at K12SIX, as moderator.

The State of K–12 Cybersecurity Year in Review report released in March by K12SIX revealed that ransomware has become the most common type of publicly disclosed cyber incident at U.S. schools, as increasingly aggressive tactics by threat actors drive the stakes higher. Last year, said the report, the 62 ransomware incidents disclosed by K–12 schools in the United States made it the most frequently disclosed cyber incident type for the first time since the K12SIX Cyber Incident Map began collecting data.

“While the actions a school district takes in the hours and days following discovery of a cyber incident are critical, the job of cyber incident recovery isn’t complete until steps are taken to prevent similar incidents from recurring in the future,” K12SIX said. “This work often involves close coordination with district leadership, across departments and divisions, often with those who are not IT experts.”

According to the IST Ransomware Task Force, recovery from ransomware attacks lasts an average of 287 days, even when the victim organization believed it had secure backups in place prior to the attack. Such was the belief at Northshore School District, and it turned out to be misplaced confidence, according to an interview published last year with one of the district’s systems administrators, recounting what happened in the early hours after the attack.

“The cybercriminals deployed the Ryuk ransomware against the school district, which relied on a datacenter of 300 Windows and Linux black box servers. The district also managed 4,000 staff members’ devices, including Windows, Mac, and Chromebook workstations, along with many iPad tablets,” wrote David Ruiz in his Malwarebytes interview with Northshore’s Ski Kacaroski.

“Shortly after logging into his employer’s VPN and poking around, Kacaroski learned that the server had been hit with ransomware. He saw one, unencrypted file — a ransomware note from the threat actors — and countless .ryuk file extensions nearly everywhere else.”

Eventually, an FBI investigation revealed that the initial breach of the district’s networks had begun months earlier. Between then and the ransomware attack, three different groups of hackers had access to the district’s network, with each group ramping up attack tactics and gaining more control over the district’s servers, the report said.

Along the way, valuable lessons were learned about what to do — and what to absolutely not do — and those insights will be the topic of the K12SIX webinar, said Levin.

The webinar aims to complement the new K12 SIX Essential Cyber Incident Response Runbook, a free template guiding public schools through the creation of a cyber incident response plan.

The event, which begins at 2 p.m. ET on Tuesday, Aug. 16, will include a question-and-answer session with the Northshore network managers.

Learn more at K12SIX’s event page or register for the webinar here.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].

