Arizona Schools Provide Model for Managing Ransomware

On Wednesday, September 4, 2019, ransomware was discovered at Flagstaff Unified School District, Arizona. Schools were closed on Thursday and Friday of that week, but re-opened after the weekend. No ransom was paid, and only two days schooling was lost.


Now Moody's new weekly Public Finance Credit Outlook newsletter has highlighted the case as an example of how to prepare for and mitigate the effects of ransomware. It says three things were fundamental: distributed processing across several third-party organizations; a well-prepared and executed response plan; and cyber insurance.


The distributed processing between various organizations including Northern Arizona University, Coconino County and private vendors amounted to a form of network segmentation. "This," comments Moody's, "limited the potential spread of malware across systems and allowed the district to continue performing important operations, such as vendor payments, payroll and debt service repayment, even if its own systems were not immediately available."


While commercial organizations might not be able to implement an identical distributed processing plan, they could implement well-controlled internal network segmentation. If this were done, the effect would be similar -- any malware infestation would be limited in its ability to affect the whole network. This is not easy, but certainly doable with next gen firewalls and privileged access management.


The second element of Flagstaff's success highlighted by Moody's is the district's well-planned and executed incident response plan. The schools were closed not because of loss of computing, but over safety concerns that systems such as cameras, door locks, HVAC, and communications might have been compromised.


Computers were immediately disconnected from the internet and shut down. They were given factory resets to ensure that no malware could be left on the computers to re-infect ..

Support the originator by clicking the read the rest link below.