Ransomware Targeting of K-12 Schools Likely to Increase During the COVID-19 Pandemic
Private Industry Notification (PIN) 20200623-001 was being distributed to make private sector partners aware that Cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning. The FBI does not encourage paying a ransom to cyber actors because paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or may fund illicit activities. Also, paying the ransom also does not guarantee that a victim’s files will be recovered.
The alert was released as TLP: Green and the details, including useful information for preventing access to outsiders, can be shared with clients and contacts, but not via publicly accessible channels. For this report or on ways to monitor and respond to cybercrime, please contact [email protected], or online at Kennyhertz Perry, LLC and its Privacy, Cybersecurity, and Breach Management practice group.
About Kennyhertz Perry’s Privacy, Cybersecurity, and Breach Management Practice Group
Kennyhertz Perry assists clients with data security needs, blending traditional legal experience in the corporate and litigation arenas with technical acumen.
We assist clients in prevention, developing robust information security programs, including administering internal compliance and risk assessments, which include the development and implementation of corporate policies and procedures required for compliance with state and federal privacy and security laws, and information security best practices; information security policies; records retention and management policies.
In addition to prevention, Kennyhertz Perry can prepare security incidence response procedures, identify, assess, contain, and mitigate privacy and security breaches, and work with law enforcement to assist in the investigation of the incident. Businesses that are the victims of cyber attacks also must determine when and how to cooperate with government agencies during the investigation of an attack, and how best to do so. The lawyers in our privacy and cybersecurity practice, as well as members of our Government Enforcement practice group, have deep experience, from both government and private practice, in this area, and help companies navigate the often complicated interactions with government agencies, and can provide both counseling and representation where the threat of prosecution may arise.
Kennyhertz Perry also assists with IT resiliency understanding and engaging at the top management and board level. Traditionally, IT has been misunderstood, and management would not understand the role and responsibility of IT departments. Kennyhertz Perry bridges this gap at all level. At the Board level, directors not only need to be sophisticated with business issues, but they also need to be versed in today’s cyber and IT. Translating an understanding of the importance of a proactive IT security policy, and feeling like the company is “on board” with IT security efforts. Many companies have very robust policies and procedures for their business processes, which sophisticated Board members can understand. IT is different. It’s a different language for a business person, and unfortunately, most Board members will ignore or defer on issues they don’t understand. So when an IT department presents a robust plan for proactive IT security, it may go ignored or disregarded. This can lead to a reactive plan only that focuses on the “when” as opposed to prevention. IT is a different language. We serve as Board IT/cybersecurity liaison to be the “go-between” and translate the IT language into business and vice versa.
To learn more about Kennyhertz Perry, LLC, please visit kennyhertzperry.com.