School Ransomware Attacks Halt Remote Learning Across the U.S.

On Nov. 24, the Tuesday night before Thanksgiving, a ransomware attack hit Baltimore County Public Schools (BCPS), immobilizing the remote-learning-only network for 115,000 students. Maryland technology officials struggled to regain control of BCPS systems through the holiday and over the weekend and were ultimately forced to cancel school across the county on Monday and Tuesday.

Much information about the cyberattack has not been made public, such as whether or not the hackers asked for a ransom. Though officials have not confirmed the type of ransomware deployed, some teachers took to social media, noting that their files had a “.ryuk” extension. Ryuk is a type of ransomware commonly used in cyberattacks on the public sector, including schools.

Unfortunately, the BCPS attack is far from a one-off — it’s just one of the latest incidents in an onslaught of cyberattacks within the education sector.

Schools have become increasingly, if not totally, reliant on technology since the advent of the pandemic in March. Most schools across the U.S. have adopted remote or hybrid learning modules, and many schools are lending out laptops or tablets to students and teachers to accommodate this digital shift. Schools are making years’ worth of changes in very short amounts of time, and such a whirlwind of change can leave blind spots. Enter: cybercriminals.

The Rise of Ransomware in Education

According to Emsisoft, as of late November, 77 school districts comprising 1,528 schools had been impacted by ransomware this year.

At the start of this unprecedented year of remote and hybrid learning, several schools across the nation were hit with cyberattacks that delayed the start of the school year, including Ponca City Public Schools in Oklahoma and Hartford Public Schools in Connecticut. In August, a ransomware attack delayed the start of Athens Independent School District (ISD) in Texas by a week and cost $50,000 in ransom.

More honorable mentions: One Florida teenager, later arrested, flooded Miami-Dade Public Schools with multiple cyberattacks in September, denying thousands of students access to their online classes. And a December ransomware attack on Huntsville, Alabama schools halted learning for 23,000 students for a full week.

When Las Vegas’ Clark County School District refused to pay a ransom following an attack on its network, the hackers allegedly released sensitive data, including staff Social Security numbers and student addresses — a worst case scenario.

Hackers Capitalize on Schools’ Lack of Security Resources and Funding

Schools are an attractive target to hackers not only for their troves of sensitive data, but also because, historically, they tend to run on outdated IT systems, smaller staffs and fewer resources.

Douglas Levin, founder of the K-12 Cybersecurity Resource Center, told the Baltimore Sun that it is not uncommon for state audits on school systems to document poor protection of personal data, absence of recovery plans, and poor password management, among other problems.[1]

This is indicative of the larger lack of resources allocated to cybersecurity in schools. But, as we have seen, failure to invest in proactive defenses can result in detrimental loss when cyberattacks succeed — this should be fresh in the mind of Baltimore City, which in 2019 spent over $18 million recovering from a ransomware attack, over 200 times the original ransom they refused to pay.

A Security-First Posture, Paired with Awareness Training, Can Help

Of course, the best way to fortify your network against ransomware attacks is by allocating more resources to your IT security strategy. Some smart steps to take include:

• Deploying a layered cybersecurity strategy
• Leveraging anti-ransomware technology
• Securing data stored in private and public cloud and on-premises environments
• Backing up data regularly
• Patching vulnerabilities as they are discovered
• Ensuring ransomware coverage is included in your cybersecurity insurance plan
• Training employees and students to be more cyber aware

The vast majority of successful cyberattacks are caused by human error. Schools often function on extremely tight budgets, so if you’ve maxed out your budget with the above recommendations, your best bet may be to train your employees and students into a fortified last line of defense.

A recent Mimecast survey found that 52% of education and public sector employees have not received any specific training regarding remote work since the pandemic started.

Take Mehlville Schools of St. Louis, for example. They invest in cybersecurity by having third-party organizations conduct simulated phishing campaigns on employees. Following the simulations, they see how many employees clicked the “malicious” links and educate from there. Since the training, the rate at which staff members engaged with suspicious links fell from 25%-30% to just 4% — a testament to awareness training’s ROI. [2]

The Bottom Line

The recent ransomware attack that shut down Baltimore County Public Schools for nearly a week is indicative of a continuing trend of attacks on a technology-dependent U.S. education sector. Though schools tend to operate on uniquely cutthroat budgets, it is vital that they prioritize strong cyber defenses to thwart off the detrimental consequences of ransomware attacks. 

[1]“ As Baltimore County recovers from ransomware attack, state audits have routinely found security problems in other school districts,” Baltimore Sun

[2] “As remote learning spreads, so have cyberattacks. Are schools ready?” Christian Science Monitor