An Irish primary school’s student information was hacked and held for ransom last year, according to the Annual Data Commissioner Report released today.
Files including the young students’ PPS numbers, dates of birth and names were held hostage, although the report does not say whether this is the only information taken.
The unnamed school’s IT system was the victim of a ‘Crypto-ransomware attack’. This is a nasty type of malware that encrypts or 'scrambles' the contents of a file, so that a person can’t see the file or even use the computer.
“A more common attack is where the machine is locked but files aren’t copied,” Simon McGarr, a solicitor and data law expert, told MummyPages today.
“Another type copies and dumps the information in a central server. This could be located anywhere, in Russia or Donegal. That’s more serious because it could mean high-level identity theft.”
When crypto-ransomware takes those files hostage; a ransom demand is then displayed, offering the user the decryption key needed to restore the files for money. To restore it for normal use, a decryption key is needed to 'unscramble' the file.
This is usually paid with the online currency Bitcoin, although the Data Commission report doesn’t say which method of payment was demanded, or even if the ransom was paid.
According to the report, the school failed to have basic precautions against preventing cyber attacks, such as backing up data. The report also said the school lacked ‘staff training and awareness of the risks associated with opening unknown email attachments or files’ otherwise known as phishing emails.
Ransomeware has been growing in popularity, so If you’re worried about this masked bandit making its way into your important files, follow some simple steps:
-
Back up all necessary files regularly, and store them in a location not connected to the computer or network. This means that even if your computer is affected, you always have unaffected backups available.
-
Enable all your anti-virus solution's security features, and keep it up-to-date with the latest signature databases.
-
Avoid opening emails sent by an unknown sender, especially if it contains an attachment or a link.
