SecurityThing – Ransomware Hits Local Schools – A Little Advice: [02/08/2019]

On This Episode…

It’s A Security Thing Friday. Craig talks about ransomware hitting the local schools and how you can help them.

Below is a rush transcript of this segment, it might contain errors.

Airing date: 02/08/2019

Ransomware Hits Local Schools – A Little Advice

Craig Peterson 0:00

Hey, everybody. Getting ready for another weekend and we got a big week next week. We are doing some more courses and some more teaching. This should be fun. And what I want to talk about right now in our little It’s a Security Thing Friday is, guys, you know, you’re only listening to this if you’re interested in security. And I’ve got to kind of build you up a little bit because if you’re interested in security, you are probably way ahead of almost everybody else, you know. And I know of two times now where we have had some serious problems with schools personally, right here in the area. We had one that happened here in New Hampshire, and we had another one that just happened in Connecticut. And what I’d like to propose to you guys is that since you are interested in security that you go ahead and volunteer for your school district. Now you’re going to have a fight on your hands. Because there are people working for the schools. This is true in every business.
But there’s people working for the schools who are supposed to be handling security and may well be doing the best job in the world. And then there may be other people who know they need a little bit more help. Or maybe they don’t understand something quite right. Or maybe they need help installing some software. That’s where you can come in.

So that’s where you can go to your local school and say, Hey, listen, I’m kind of a security guy, even if you’re not professional, right? Even if you haven’t spent the last 10, 20, 30, 40 years worrying about security of computer systems. You may be in a better spot than some poor math teacher that has been grabbed and dragged over and told, hey, now you are our security champion. So do that for people, right. It’s a security thing. It’s what we do.

We get pulled aside when we go for Christmas, or New Year’s or whatever, a birthday, Hanukkah, you name it, we get pulled aside. I can’t go on a visit to a family member and not spend almost the whole time on computers, trying to fix them, secure them, help them, train them. And you’re the same way. Right? You have had the same problem because you’re the computer guy. Well, now you are the security guy or gal, right? Obviously a lot of women out there, and one of my daughters is a top-notch security person.

So that’s what I’m proposing to you, and as I get into this little story here from Connecticut: Bridgeport, Connecticut, their public schools, and this is a K through 12 district, just had a big problem. There was an attack launched by a malicious outsider and it got into their network. Now, this happens all the time. It’s hard to secure against. That’s part of what I’m going over this week, this next week in my course, for people, how to stop this sort of thing. But it got in, and then it started to spread. And that’s the other thing we’re going to be talking about this week: how to stop that spread from occurring. And the district hasn’t said the amount of ransom or whether it will pay it. In other words, guess what happened: it got in and started encrypting files and then demanded a ransom. Now, you know my position, you know the FBI position: don’t pay ransoms. Not only does it encourage these bad guys to go after other people to try and get ransom money from them, but it now confirms to the bad guys that, hey, you are somebody that pays ransom, so they’re going to try and go after you again. And when you have a big network, like a public school where there’s a lot of people who weren’t well trained or necessarily trained at all, it’s pretty darn easy to get into the network.

Now this article that I’m reading, it’s from is saying that the guy in charge over there, they reported it to the superintendent who reported it to the police, he’s saying that several teachers have lost access to lesson plans and teaching material saved on work computers. Teacher and student work saved on cloud based platforms appear to have been unaffected. Well of course it was, depending on the type of cloud platform, and if they had cloud backups it might be in trouble. But if they’re using Google’s whole Education Suite that’s a little bit of a different deal. It’s not going to spread on to that. Now the district’s PowerSchool platform also was untouched. Hopefully it had some really good security. The IT department reportedly began taking steps to remedy the problem over the weekend. However, the district declined to say how far along the IT team is. Have you ever done that? I’ve had to go into companies after the fact where they don’t have anything properly set up. And you got to try and recover machines. And I want to warn you when it comes to ransomware, you may not be aware of this. But new machines, of course, don’t have BIOSes anymore. They boot off a special partition on the hard disk. And then that loads in some special device drivers and other things that then loads in Windows. So it’s kind of a bootstrap loader process that’s involved nowadays.

So if you get some of these infections, particularly root kits, but this is also true when you’re talking about some of the ransomware, it can get pretty darn deep, right there, right into your machines, and be impossible to remove, almost absolutely impossible to remove. So in those cases, you may have to replace the hard disk, but in other machines it’s that little bootstrap operating system and it’s often Linux based. But it’s not secured particularly well. In most cases, a little bootstrapped operating system may be in non-volatile memory on the motherboard. So go to extra steps if the machine’s been compromised and it’s a newer piece of hardware and it doesn’t have the BIOS anymore. Even if it does have the BIOS, go to the extra steps of making sure that you do a very low level, not just a format on the hard disk, but also looking at all of the firmware and bootstrap code that’s there on the machine.

Now, I was a keynote speaker at a big event, an insurance company that is a conglomeration of a bunch of school districts up here, and I spoke there and we talked about the risk and, well, how it’s getting in and what you can do and what you don’t really want to do. And one of the attendees came up to me afterwards and said, Hey, we just got ransomware throughout the whole school. Now they were dealing with it, and they had obviously talked to the police. The FBI is usually not that interested in it, but the local police department will be. And they started to work to restore stuff. I gave them a little bit of advice, but it is happening. And since it’s a security thing, I thought I would bring it up with you guys and gals.

Go volunteer, help out your school districts, help them understand what they can do, how to prepare, the 3-2-1 rules of backup, everything they need, and you can send them my way as well. I’d be more than glad to do training. I do trainings all of the time. I charge for these bigger events, but you know already that my master classes and other things that I do are absolutely free, these virtual events where it just doesn’t take quite as much of my time as having to go someplace and give a presentation.

Anyhow, do that little outreach. You’re the security guy as well. So reach out to these people, have a great weekend, and I will be back tomorrow, of course, with my terrestrial radio show. Who thought you’d ever be saying that, right? 30 years ago, that. And I’ve been doing it, I’m almost 1000 weeks of weekly radio shows and podcasts, so it’s a long time. So join me tomorrow on the air, or you can of course listen to it in replay right here on the podcast. So take care. Bye bye.