Schools, ransomware and shitty security
Published: 5th of January 2017
Notice: This article was archived and has only gone through basic grammar correction.
I’ve been away from this blog for nearly a month as I have been working on a blog that provides [information about autism] but as I have some spare time at the moment, I decided to see what has been happening recently and saw an article on the BBC website with the title: [UK schools targeted by web fraudsters] and knew straight away it was going to point out some really prophetic things about how schools do security.
The subtitle that the BBC gave was “Fraudsters are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware.”
Yes school systems are so fucking insecure that a piece of ransomware can cause huge amounts of damage to a whole school and the advice given does not go nearly far enough with it being to:
Look out for any emails that look suspicious
Keep security software up to date
Back up critical data
The issue is that this advice is missing things like:
Separating user account into separate hard drive partitions and disallow any of those accounts from writing outside of that partition (Limits damage as the ransomware can only encrypt one users’ information)
Don’t just back up locally because often organizations will only back up to a network attached hard drive, so if ransomware gets access to those then the back-ups get encrypted. The fix is to also back up to a cloud based solution (Make sure not to use a sync app as it will cause the same but use the online based file up-loader or even use ftp to upload files)
I just wish more people who matter like head teachers would stop being completely incompetent at using a computer as at the moment schools rely on underpaid IT staff who will just be at the school to earn a reference in order to get a well-paid job aka a lot of them won’t really care about shitty school computers.