Alabama schools see increase in ransomware, phishing attacks

Alabama schools see increase in ransomware, phishing attacks

Alabama schools are seeing an increase in ransomware, phishing and other cybersecurity attacks, officials say.

Jefferson County Schools is still recovering and declared a ransomware emergency earlier this week, allowing the district to access and direct funding more quickly, and they continue to repair their network in phases, according to Superintendent Walter Gonsoulin.

The Alabama Supercomputer Authority, which receives state funding and provides free internet and cybersecurity services to all schools statewide, shared an overview of threats schools deal with and how its services can help avoid or stop a cyberattack in a presentation to the state Board of Education Thursday.

“There are thousands of attacks on Alabama’s schools every day, but 99.9% of them are stopped,” Mackey told AL.com after the work session.

Mackey said the state saw the need to find help for school districts as COVID closed schools and teachers and students began accessing school networks at home. The ASA began offering services in summer of 2020, and 111 school districts initially signed on for help.

The biggest threat, ASA officials said, is when attackers trick people into clicking on malicious links in an email, a practice called phishing. Employees can unknowingly click on links that either install malware or otherwise obtain information from the network it has hooked into.

Victor Rodriguez, the ASA’s Security Operations Center director, told board members that is typically the first step of many before a cybercriminal takes control of the information on the school’s network and makes a ransom request.

“We help with alerting as early as possible on malware and ransomware indicators of compromise for all of the schools who are accepting our services and participating with us,” Rodriguez said.

Schools need help, he said, particularly the smaller districts that don’t have the capacity to hire technology experts to keep their networks and information secure.

“It takes one attacker anywhere to orchestrate the successful attack,” Rodriguez said, “whereas it takes a multitude of individuals working diligently to prepare, prevent, contain and then eradicate anything like that.”

One of the services ASA offers is threat assessment training where employees learn to recognize phishing attempts and can hopefully avoid clicking on malicious links. The training is voluntary, though, and there is no record of who has been trained and who hasn’t.

Alabama Superintendent Eric Mackey said board members recently received a phishing email that looked like it was from him, and that he recently received one that looked like it was from Gov. Kay Ivey but wasn’t.

The ASA also offers annual firewall review, operations support and monthly vulnerability checks for K-12 schools.

The ASA helped Huntsville City Schools recover from a November 2020 cyberattack where data for students, parents, and employees of Huntsville City Schools was stolen. The attack shut down schools for nearly a week and like Jefferson County schools, teachers and students couldn’t access school networks until the network was repaired.