Gurnick Academy of Medical Arts is a private nursing school in California with around 400 employees and over 2,000 students.
A few months ago, the school faced a data loss disaster caused by ransomware when an instructor inadvertently infected his classroom computer with the virus, which had been brought from home on a USB drive. When the instructor tried to access his lectures, he found that all the files had been encrypted. Instead, he was faced with a note from the ransomware criminals demanding 1 bitcoin ($740) to decrypt the files.
Luckily, the IT department identified the ransomware attack at an early stage and was able to stop the malware from spreading throughout the entire corporate network. Instead of paying the ransom, the instructor chose to re-create the encrypted files that had not yet been backed up.
The Aftermath of the Ransomware Attack
While a cloud-to-cloud backup had been made of the files previously, some recently created files had not been backed up. This work had to be re-done and there were several hours of downtime when the instructor was unable to teach or work while his system was completely re-installed and the files were recovered.
Because the instructor also had Google Drive sync running on his PC, the encrypted files had also been copied to the cloud. Many instructors at the school work from USB drives and then sync files to the cloud as this allows them to prepare lectures from anywhere.
However, in this case the USB drive was the weak point that allowed the malware to infect the system. The instructor admitted that he had experienced some issues with a ransomware infection on his home computer and was unable to open files. Instead, he decided to try to open the files on his office computer, at which point the malware was able to infect the corporate system.
Luckily, thanks to the work of a quick-acting IT team, the infected machine was disconnected from the network before it was able to cause too much damage. However, the ransomware had already spread throughout the network very quickly. If this had not been noticed, the problem could have been much more severe.
How SpinOne Helped to Prevent Further Ransomware Infections
After the incident, the IT team realized that their current systems were insufficient to protect the files on the corporate network. While anti-virus software was installed, the majority of ransomware infects as a trojan, not a virus, and the anti-virus software is unable to detect it.
The backup system at the school was also insufficient. While regular local backups were in place, the cloud was not being utilized for backup. Because many of the instructors were relying on Google Drive to sync their files directly from USB drives, they were vulnerable to this type of malware, as the files could be infected before they were backed up by corporate systems.
1. Ransomware Protection: Versioning and Suspicious Emails Blacklist
Teachers at the school spend on average 16-24 hours to create each new lecture, which equates to about $800-$1200. A teacher prepares about 30 lectures a year, which are stored in Google Drive.
If a data loss disaster were to occur, this could result in financial losses of between $30k and a million dollars for the school. This loss of prepared materials would be a disaster for any educational organization both in terms of financial losses and the time it would take to recreate these materials.
Instructors also commonly used their office computers and Google Drive to store personal files, which may include financial information and sensitive personal data. The Google Workspace admins were concerned about the consequences if this data were breached in a malware attack.
Gurnick Academy realized they needed a more robust disaster recovery system that offered an automated, daily cloud-to-cloud backup solution to integrate with Google Workspace (G Suite). Also important was the ability to restore a snapshot of data with one click, which would greatly reduce administration time in recovering from a ransomware infection.
After reviewing several products, the school decided that the SpinOne Ransomware Protection solution was the best option, as it allows restoration of the entire Google Workspace (G Suite) account from a specific time. SpinOne uses version control to enable Google Workspace administrators to back up the exact version of files from a day and time of their choice. Even if the entire network has been encrypted, files can still be restored by selecting a backup that was taken prior to the ransomware infection.
SpinOne also provides an email blacklist feature that can be very useful when recovering from a ransomware attack. Malware is often spread via email, and if an email containing malware is restored from backup, it could re-infect the system. Using Spinbackup, administrators can block unwanted emails from being restored so they do not pose any more risk.
Now that SpinOne’s solution is deployed by the Gurnick school, any encrypted Google Drive files can be easily recovered from the last snapshot of data, and there should be no lost files or need to re-create any work.
2. Insider Threat Detection for Google Workspace for Education
The advanced cybersecurity solution from SpinOne was also a huge selling point for the school as it allows the Google Workspace administrator to monitor and manage third-party apps that have access to corporate data.
The academy has over 1,000 apps in the Google Workspace domain account and the administrator needed a tool to monitor and control data flow to ensure that data breaches in the Google cloud could be detected and corporate data was stored securely.
After using SpinOne’s Insider Threat Control and DLP technology, the administrator found over 1,200 third-party apps that had access to corporate data and were installed by employees and students. Some of these apps were games and apps that were banned within the organization, including apps installed via mobile devices. The admin was then able to add these apps to the blacklist to prevent any future access to data.
SpinOne’s smart algorithms also provided the Google Workspace administrator with a list of Google Drive files that had been shared with users outside the organization. These potential data breaches could then be resolved with a single click by revoking access to the data.
The most useful feature that Gurnick Academy found within SpinOne was the automated set of tools to detect and report common vulnerabilities within the cloud. As this feature is automated, it does not require much input or complicated IT skills to monitor and manage, and it saves administrators valuable time in detecting threats, time that can be used for other tasks.
An additional bonus for educational organizations using Google Workspace (G Suite) is that they pay only for administrative personnel users. All student accounts can be connected to the SpinOne G Suite solution, including backup and cybersecurity services, for free.