Episode 26: An Inside Look at a K-12 Ransomware Incident (Part 2)
In 2020, there were 408 publicly-disclosed cyber incidents impacting K-12 school districts. Of those 408 incidents, roughly 50 consisted of ransomware. These incidents often resulted in school closures and prevented districts from accessing sensitive data and critical systems because they were encrypted by cybercriminals.
During an attack, school district IT teams scramble to find all the ransomware symptoms to see which systems have been impacted and assess the severity. Another threat emerging is the exfiltration of data by attackers to try and force school districts to pay the ransom. This makes data loss prevention for districts more critical to have in place as part of their cloud application security checklist.
To get a better picture of what takes place during an attack and the recovery process, we previously talked with Jon Wiederspan at Northshore School District. Jon provided first-hand experience of what happens inside a school district from an operational perspective when dealing with ransomware. In our newest episode of The K-12 Tech Experience—and our first of 2022—we are joined by two Northshore School District employees to get a look at the more technical side of dealing with ransomware.
Jon Biggerstaff, a Senior Systems Engineer, and Lead Unix Server Support, Ski Kacoroski, join to share all the technical details of identifying and recovering from ransomware. From the initial discovery, the rebuilding and recovering, and the cybersecurity strategies Northshore School District has implemented since the October 2019 incident.
Take a listen by scrolling down to hear about Northshore School District’s ransomware incident from Jon and Ski’s perspective. Make sure you subscribe to The K-12 Tech Experience to stay up to date with the latest episode!
JK: Before we get going, I like to get to know our guests a bit. How about we start off by having you both share a bit about yourselves, your careers, and your role at Northshore School District?
JB: I’m a Systems Engineer here at Northshore and I’ve been here for about 14 years now. When I first started, I ran Windows servers on-prem. Of course, as time has gone on that’s turned into more of the Microsoft cloud services migrating into Azure and Office 365. We originally had maybe 30 servers and over time it had shifted, for a variety of reasons, up into the cloud services. That’s where most of my time has been spent the last four or 5 years is migrating those services here.
SK: I’m the Linux and Unix server admin. I also deal with identity management and I’ve been at Northshore School District just shy of 20 years.
JK: Over the course of the past school year, how have you seen your roles change compared to before the pandemic and all the changes K-12 education has experienced?
JB: I would say for me, my role has dramatically changed. Primarily, becoming more security-focused. It’s an obvious answer but it’s been a big mindset shift for me and in the way I operate. Security is always at the forefront now. Prior to 18 months ago, it wasn’t. We weren’t a target—or so we thought.
SK: For myself, the biggest thing has been all the online services that we’ve had to deal with now. It’s been a lot of work provisioning and figuring out how it’s all going to work together.
Listen to the rest of our conversation with Jon and Ski below and check out previous episodes on the ManagedMethods podcast page. Make sure to subscribe to The K-12 Tech Experience wherever you listen to your podcasts, so you never miss an episode!
The post Podcast | An Inside Look at a K-12 Ransomware Incident (Part 2) appeared first on ManagedMethods.
*** This is a Security Bloggers Network syndicated blog from ManagedMethods authored by Jake Kasowski. Read the original post at: https://managedmethods.com/blog/podcast-k12-ransomware-incident-part-2/