Teach Cyber 2020 logo
November 18, 2021

The Teach Cyber Byte

In this Byte, we examine a Ransomware Attack. If you enjoyed this Byte and know someone else that would, please feel free to forward and share our newsletter! (Please note: if you forward this to someone else and they click "unsubscribe," you may be unsubscribed from the mailing list.)

What: Cybersecurity All Star Career Panel

When: November 18, 7-8 pm ET

Cybersecurity is a growing and diverse field. This Virtual Lounge will bring the richness of the field of cybersecurity to life through an All Star Career Panel that you will not want to miss! The Panelists are:

Nathan Heck

Nathan has been in the field 25 years. His broad background spans multiple information security disciplines including Information Security Strategy/Management/Governance, Secure Architecture Design, Risk/Third Party Risk Management, Compliance, Business Continuity Management, Governance Documentation Development (Policies/Standards/Guidelines/Procedures), Incident Management, Response and Forensics, Application Security, Threat/Vulnerability Management & Penetration Testing, Security Operations, Data Security/Protection, Privacy, Physical & Environmental Security, Cyber Threat Intelligence, Network & System Security Hardening and Management, SIEM/Logging/Monitoring, Virtualization Security, Security Awareness & Training, Security Assessments and Audits and numerous others. Nathan has degrees in Computer Technology, Organizational Leadership and Psychology from Purdue University and is currently working on completing his Masters of Science in Information Security. Nathan holds a number of cybersecurity certifications and an active U.S. Security Clearance. He has taught security classes for higher education and the U.S. Army.

Daryl Pfeif

Daryl Pfeif is the Founding Partner of Digital Forensics Solutions (GotDFS.com) and CEO of Digital Security Associates (GotDSA.com). Since 2004, she has been actively engaged in digital forensics and cyber security, supervising forensic and data breach investigations, security audits and analysis, training, research and software development. Daryl is also a founding Board Member and the COO of DFRWS.org, a volunteer-driven non-profit organization that coordinates international knowledge sharing and collaborative activities for leaders in education, government, and industry to address emerging challenges and to advance the science in DFIR research and practice. Daryl’s most recent endeavor is the Cyber Sleuth Science Lab, (CyberSleuthLab.org) an initiative founded in 2016 to introduce DFIR in High School and to empower young women and other underrepresented youth to pursue careers in DFIR and related fields.

Roland Varriale

Roland Varriale is a cyber security analyst at Argonne National Laboratory focusing on the security of Vehicle-to-Everything (V2X) systems as well as general cyber risk and resilience. He serves as the Academic Chair of the Secret Service’s Chicago branch of the Electronic Crimes Task Force and contributes to Department of Homeland Security, Department of Transportation, and Department of Energy projects. Roland is also a lecturer for the Threat and Response Management Program at the University of Chicago’s Graham School. Prior to his work at Argonne, Roland was a business analyst, high school teacher, and system administrator; which motivates his holistic, systems-based analysis of vulnerabilities and risks. Roland has a Bachelor of Science Degree in Computer Science from Manhattan College and a Master of Science Degree in Software Engineering from the University of Scranton.

State and Local Working Group

Nineteen states are contributing to the discussions surrounding cybersecurity and K12 education. Is your state in the mix? If not, we welcome your state or local district representation.

The next State and Local Working Group (TC-SLWG) meeting is Tuesday, 30 November, 5:00 - 6:30 EST.

Based on the discussions in our first meeting, we will have a brief presentation of the eight Big Ideas that are the basis for the HSCCG (High School Cybersecurity Curriculum Guidelines), followed by initial dialog on how these can be incorporated into development of standards. For questions or to RSVP please contact judi.emmel@teachcyber.org.

Explore the Discipline of Cybersecurity

Teacher Workshop: Saturday December 11

Interested in Cybersecurity?

Explore the “Big Ideas” of Cybersecurity Education, investigate the free TeachCyber curriculum and experience a hands-on learning activity.

This no cost event is a 90-minute virtual workshop on Saturday, December 11, 2021, 10:30 AM - Noon ET.


LAST CALL for the NICE K12 Cybersecurity Education Conference: Registration Ends December 3, 2021!


Teach Cyber at NICE K12

TeachCyber is leading a preconference workshop entitled “Teaching Cyber in Various Implementation Settings” on Sunday, December 5 at 1 pm ET. This 1.5 hour workshop will highlight how to use the Teach Cyber courseware:
  • for a variety of cybersecurity courses based on the number of contact hours in the course, (year-long, semester, quarter, etc.), the educational setting (traditional classroom/computer lab, after school club, etc.), or
  • as a cybersecurity unit in a CS, IT or Gen Ed course.

Curriculum Updates

Units 1, 2, 3 and 4 have been updated and released. You can find them at TeachCyber.org. The updated files are titled v1.2 to make them easy to recognize. The change log can be found HERE. Unit 5 will be released by the end of November and the release schedule for future updates is:
  • Unit 6 - December
  • Unit 7 - January
  • Unit 8 - February

Global Citizenship for Adult Education

We want to share some related work from two of our TeachCyber team members. Jenny and Melissa wrote a chapter in the newly released book Global Citizenship for Adult Education: Advancing Critical Literacies for Equity and Social Justice, edited by Petra A. Robinson, Kamala V. Williams and Maja Stojanovic (2022, published by Routledge, ISBN 9780367505875). This book promotes the development of critical literacies in adult education, especially as they relate to global citizenship, equity, and social justice. As this edited collection argues, a rapidly changing global environment and proliferation of new media technologies have greatly expanded the kinds of literacies that one requires in order to be an engaged global citizen.
Melissa and Jenny’s book chapter proposes a framework for cybersecurity literacy by developing a “cybersecurity mindset” in adult education. The cybersecurity mindset is a way of:
  1. understanding cyberspace and an individual’s roles in establishing trust,
  2. managing risk,
  3. thinking like an adversary, and
  4. using ethical reflection and judgment.
The four dimensions of cybersecurity mindset are explored through an example of misinformation and disinformation demonstrating how cybersecurity exists within the context of social, organizational, political, and personal values.

National Cybersecurity Teaching Academy (NCTA)

A recently funded NSA grant will create the National Cybersecurity Teaching Academy (NCTA). NCTA will offer a 12-credit hour graduate certificate to high school teachers starting summer 2022. The certificate will include coursework on:
  • teaching cybersecurity,
  • foundations of cybersecurity,
  • network security, and
  • advanced topics (we are planning a hands-on practicum where teachers can DO cybersecurity!)
Three universities (DePaul University, University of Louisville, and University of Arkansas-Little Rock) will be offering the virtual program. Scholarships will be available to support 90 teachers. Interested teachers are encouraged to register for information by December 1, 2021.

Ask Our Expert How to Practice Better Cybersecurity

Recently a teacher asked us whether you need paid programs, like anti-virus, to be secure and, relatedly, whether there are free resources that users can implement to improve their security.

Nancy Stevens with Teach Cyber Says: Yes! There are some good FREE products that offer basic features.
  1. AVG is one that I have used https://www.avg.com/en-us/homepage#pc
  2. A free password manager is fine if you only use one device, but there may be other features you want. Wired Magazine has a good review of password managers here: https://www.wired.com/story/best-password-managers/
  3. Start with some FREE protection to see if you like the product. Keep your operating systems updated whether it is Android, iOS, or Windows. Windows 11 just started rolling out and it has security updates. You do have to check that your device is compatible: https://www.microsoft.com/en-us/windows/windows-11


Ransomware is a form of malware that prevents users from accessing their system and files until a ransom is paid [1]. In recent months, there have been countless high-profile victims of ransomware attacks, and the payouts have netted attackers millions of dollars. As a result, an entire black-market industry has sprung up to provide ransomware as a service [1], so today's thieves don't even have to be tech-savvy. Many ransomware groups are even staffed with a complete customer service department to ensure paying victims can seamlessly get their files back [2]. Unfortunately, the threat of ransomware isn't going away anytime soon, so as cybersecurity students and professionals, we must learn how to better defend ourselves against it.
Given the recent spike in ransomware news coverage, you may be surprised to learn that ransomware has been around for decades. The first known ransomware attack was launched in 1989 against the healthcare industry [3]. While the technologies underpinning ransomware have changed since the late 80s, the growing prevalence of ransomware has more to do with the pandemic than anything else. Remote work and school have pushed employees and students into less secure environments and provided them increased access to their organization's digital assets. Additionally, the growth of cryptocurrencies and the ransomware market mentioned earlier has made it remarkably easy to buy and profit from custom malware kits yourself, increasing the number of threat actors [4]. The cost of ransomware attacks surpassed $7.5 billion in 2019 and has only grown since then [5].

Despite their remarkable effectiveness, the inner workings of ransomware are relatively simple. Most ransomware attacks begin with phishing; the attackers will send e-mails and messages designed to look inconspicuous but carry the ransomware payload. After a successful exploit, the ransomware program will search for and encrypt files on your system. Some will target valuable files such as Microsoft Word documents and images, while others will encrypt the entire storage drive. Ransomware encryption relies on asymmetric cryptography--a cryptosystem that uses a pair of keys to encrypt and decrypt a file. In most modern ransomware attacks, a unique keypair is generated for each victim. Still, in some instances, such as REvil and Kaseya, master keys were released that were capable of decrypting any victim's files [6]. While advancements like using cross-platform technologies or double extortion (threatening to leak the victim's sensitive data if the ransom isn't paid) have developed over time, the fundamentals of ransomware have remained unchanged.
One of the most notable instances of ransomware is WannaCry. In 2017, this ransomware strain infected more than 230,000 machines in 150 countries, causing billions of dollars in damage. What made WannaCry particularly notable, however, was the speed and scale with which it spread. In total, the initial WannaCry release was able to encrypt those 200,000 machines in less than a day. WannaCry changed the profession of cybersecurity, not just through its financial impact but also through its outsized influence on the cyber threat landscape and the public consciousness of cybersecurity [7]. One of the most notable victims of WannaCry was the United Kingdom's National Health Service, which accounted for 70,000 of the original compromises. Unfortunately, hospitals and other sensitive targets such as universities and critical infrastructure sites are often disproportionately targeted by these attacks [8].
WannaCry and other forms of ransomware are highly profitable, so agencies like CISA and the FBI advise against paying the ransom [9]. Sometimes, like in the case of WannaCry, you may not retrieve your files even if you do pay. Additionally, there's always a chance that researchers could identify the ransomware's master key or that a fix could be released. Paying the ransom also doesn't mean that your systems will no longer be compromised, so a complete reset of infected systems is recommended regardless. When companies do pay, however, law enforcement agencies have recovered some of the ransoms, like in the case of Colonial Pipeline's bitcoin payout to Darkside [10]. Insurance companies have even started offering ransomware insurance to help businesses offset the costs of a potential attack, highlighting the economic as well as security implications of ransomware.

Because ransomware (and most other forms of malware) usually spreads through phishing campaigns, the best defense against it is practicing good cyber hygiene! Make sure that you use security software suites like Windows Defender and keep them up to date so that you remain protected against new strains of malware. Additionally, it's imperative to practice safe internet usage by double-checking where you click and surf.

For organizations, a critical ransomware defense is regularly backing up their devices. However, these backups also need to be logically isolated or even kept entirely offline if possible. Duplicating files and systems using these methods will ensure the ransomware doesn't also encrypt backups. By always having secure backup copies of their files on hand, they can regain access to their files and systems for free. Of course, backups don't stop ransomware attacks, but they do mitigate their impact.

If you're interested in learning more about the cybersecurity principles behind ransomware, check out TeachCyber's Intro to the Challenge of Cybersecurity course. Unit 1 Lesson 1 covers the WannaCry Ransomware attack. Units 3 and 4 cover many of the network and data security concepts crucial to understanding ransomware attacks, including social engineering and security vulnerabilities. Unit 5, Lesson 3 examines asymmetric cryptography, the form of cryptography used for encryption in ransomware. Finally, Units 6 and 8 look at the societal, economic, and political implications of cybersecurity (and, by extension, ransomware).

Help Us Help You

Teach Cyber is a project within DARK Enterprises, which is a non-profit organization dedicated to Nurturing a Sustainable Cybersecurity Education Ecosystem. We can provide US Cyber Range grants, the curriculum, the virtual lounges, etc., through grants and the generous support of foundations and individuals. There are two ways you can support Teach Cyber today.
  1. Amazon Smile - You shop. Amazon Gives. To donate to Teach Cyber, please use the DARK Enterprises Amazon Smile link: https://smile.amazon.com/ch/47-4951875
  2. Make a direct donation here: https://teachcyber.org/donations-and-partners/ Every dollar counts.
[1] Fruhlinger, Josh. "What Is Ransomware? How These Attacks Work & How to Recover from Them." CSO Online, 19 Dec. 2018, www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html.
[2] Barrett, Brian. "Ransomware Has Gone Corporate—and Gotten More Cruel." Wired, 26 Aug. 2020, www.wired.com/story/ransomware-gone-corporate-darkside-where-will-it-end/.
[3] De Groot, Juliana. "A History of Ransomware Attacks: The Biggest and Worst Ransomware Attacks of All Time." Digital Guardian, 3 Jan. 2019, digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time.
[4] "What Is Ransomware?" McAfee, www.mcafee.com/enterprise/en-us/security-awareness/ransomware.html.
[5] "How Ransomware Spreads: 9 Most Common Infection Methods and How to Stop Them." Emsisoft | Security Blog, 19 Dec. 2019, blog.emsisoft.com/en/34822/the-state-of-ransomware-in-the-us-report-and-statistics-2019/.
[6] Montalbano, Elizabeth. "Kaseya's 'Master Key' to REvil Attack Leaked Online." Threatpost.com, 11 Aug. 2021, threatpost.com/kaseyas-master-key-to-revil-attack-leaked-online/168565/.
[7] Fischbein, Jonathan. "Council Post: The Evolution of Ransomware: Blocking Sophisticated 5th Generation Attacks." Forbes, 7 Oct. 2021, www.forbes.com/sites/forbestechcouncil/2021/10/07/the-evolution-of-ransomware-blocking-sophisticated-5th-generation-attacks/.
[8] "Cyber-Attack: Europol Says It Was Unprecedented in Scale." BBC News, 13 May 2017, www.bbc.com/news/world-europe-39907965.
[9] "Stop Ransomware." Cybersecurity and Infrastructure Security Agency, www.cisa.gov/stopransomware.
[10] Wolf, Brett. "Recovery of Colonial Pipeline Ransom Funds Highlights Traceability of Cryptocurrency, Experts Say." Thomson Reuters Institute, 23 June 2021, www.thomsonreuters.com/en-us/posts/investigation-fraud-and-risk/colonial-pipeline-ransom-funds/.