Forget Snow Day: Baltimore's 115,000+ public school kids get Ransomware Day, must check Win PCs for infection Students in Baltimore, Maryland, were on Sunday warned against connecting their Windows PCs to the county’s public school IT system after it was hit by ransomware. Baltimore County Public Schools (BCPS) has revealed few details about the malware infection, and only confirmed it was a “victim of a [ransomware] attack that …
*Sad nod of the head*
I've got family on that side of our nation currently pulling their hair out over this crap. The kids were issued Windows machines & can't access their homework "because the ransomeware encrypted it". I know it sounds like the modern version of the dog ate their homework, but it's a right pain in the arse when it's fekkin true.
My little brother is having to scan his entire network -- everything & anything that can store files reguardless of OS -- because his kids' school laptops have brought home some nasty shit. He's taken his network completely offline while he scans it all from the bare metal on up before he feels confident enough to reconnect. "Big brother, I've listened to you going on about security most of my life. I've listened, I've taken it to heart, I've tried to defend myself, but when my kids' schools are the source of the infestation & I ''have'' to let it into my network, I'm not sure there's enough ''defense in depth'' that doesn't involve dropping $BCPD into a fuckin' blackhole!"
I hate to say it, he'd give his kids Linux based machines if he could afford them, but the BCPD decided a Windows laptop was the only alternative to the Chromebook. Hello? What about an old Apple? How about a used Thinkpad with some flavor of BSD? FFS an old netbook with a prehistoric copy of DamnSmallLinux on it would be infinitely more secure than their crap!
*Anguished howl of frustrated sympathy*
I can't talk because I have yet to do it myself, but your little brother could setup a VLAN. Then only the kids stuff stays on the VLAN. Make sure the VLAN can't cross talk so then the rest of the network is safe. I have yet to do this with our network but want to so that the likes of my partners Apple shit is all isolated, along with the TVs and the Dyson fan and hoover that has no business connecting to a network.
But somebody still has to move it across, VLAN or not. I mentioning that because this was probably some kid that infected a .pdf or something to get out of school and make some Christmas cash. As usual, it got out of hand but at least the kids have some days off.
No matter the culprit, this is the inevitable end for "online" education. You can't make adults kids hate using a computer without them trying to learn how to stop using the computer (adults call this "scripting"). Also, you can't exactly go into a school classroom and turn the day off... but now...
"These people who would infect school systems with ransomware, especially in a time of COVID, when school systems and teachers are under enough pressure as it is, should really have their own level of hell devoted to them..." <---- Looking at you little Timmy!! BAD Timmy... BAD!!!
Timaaaaaaaaa!
Ok, I take it that OneDrive was in heavy use and wasn’t properly secured. That’s a big security hole right there. That, and the Baltimore schools probably set up some kind of remote access. Backs away slowly... there may be an opening in the Baltimore schools for someone who has n actual clue about network security. I have cousins in Baltimore. Gotta contact them and see if this event has convinced the school board that they have to actually pay appropriately for security.
I do some adjunct instruction for a local community college. They use massive amounts of WinCrap, including Office and of course OneDrive, and a thing of evil named ‘Blackboard’, which is a Learning Management System, and is as awful as it sounds. BB, at least here, goes over a MS backbone, so when MS’ servers go TITSUP, BB does too.
The thing is, bad though BB may be, accessing it doesn’t allow for much to download from the school system without the users going to a fair bit of trouble. You have to _want_ to get that file and to take active measures to get it. OneDrive is usually used to distribute files to the students, things like the student data files. By this time the students should all have already got the data files. The main use for OneDrive at this late date is moving Access files and large PowerPoint files around, the school strips all Access files from email and the max attachment in email is 40 MB.
If ChromeBooks can see the school site, then the ransomware didn’t zap the LMS or whatever itself. (And the students can use Macs, unless they need Access) It is unlikely that anything could be transmitted even by OneDrive.
Now, if they went and did something idiotic like using some remote access system, so that the students are actually live on the school network, that’s different. And massively insecure; I see one way that the ransomware may have got on the school network.... And may well be why students have to use Windows or ChromeBooks, the remote access system might not run on Macs. There’s a reason why LMSes exist, after all. BB is horrible, but it works, sort of, with Windows down to 7 (Vista if you push it, XP is out as of the latest update) and Macs down to Mountain Lion, and iOS (sort of) and Android (very sort of). And ChromeBooks.
The college won’t let adjuncts connect using the remote system without going to a _lot_ of trouble, and limits how staff and full-time faculty use it, precisely because of security concerns. Us adjuncts have to jump through hoops to remote in, for one thing we don’t have college desktops sitting in a room on site. Just as well, I wasn’t going to grant access to my home network anyway. There was a college-wide email sent to all staff and faculty a few weeks ago, stating that IT was rolling out increased security for the remote access system. IT at the college are appropriately paranoid. From the sound of things, someone in Baltimore wasn’t.
"These people who would infect school systems with ransomware, especially in a time of COVID, when school systems and teachers are under enough pressure as it is, should really have their own level of hell devoted to them..."
Right. Ransomware miscreants are bad for going after the poor school children's homework. They really should only go after legitimate targets like businesses, hospitals, and government agencies. That would make them far better Internet citizens.
Finally, an excuse to use this icon!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
