K–12 Schools, The Number One Target For Ransomware Strikes Last Year, Are Still Dealing With Cyber Attacks

July 22, 2021

By a Biometrica staffer

Earlier this month, the Morgan County school system in West Virginia was hit by a cyberattack, presumably from a Russia-based group, in which the files and data seized are being held for a $70 million ransom. Though all the details are not known, reports suggest it was “just office computers” that were compromised. Officials are reportedly speaking to the West Virginia Board of Risk Insurance Management about a claim, and are also liaising with law enforcement to investigate the attack.

The news has been inundated recently with reports of ransomware attacks striking everything from critical infrastructure to healthcare systems. Amidst this, the spike in attacks targeting schools all across the country has largely slipped under the radar. This West Virginia attack is but the latest in a spate of ransomware attacks targeting schools in the last year, after schools began to shut down due to the pandemic, and learning shifted almost entirely online.

In September last year, a ransomware attack took down the Newhall School District in California, affecting around 6,000 students at 10 elementary schools at a time when the entirety of the education delivery was digital. Some estimates say that over two dozen school systems in California have been hit by a cyberattack over the last five years, ranging from secondary schools to universities. The state’s schools are now making a concerted push to shore up their defenses against such attacks.

In April this year, the Broward County Public Schools system in Florida was crippled by a cyberattack in which district data was encrypted. The hackers demanded $40 million in ransom, threatening to release personal information online and erase the files they had captured.

The Broward County system is the country’s sixth-largest school district, comprising over 270,000 students. The district has an annual budget of around $4 billion, which seems to be the reason it was targeted and the ransom was so exorbitant.

The school refused to pay the ransom, in line with recommendations from the Federal Bureau of Investigation (FBI), the Department of Homeland Security, and the Multi-State Information Sharing and Analysis Center (MS-ISAC). As a result, the hacker group published online almost 26,000 files it had stolen.

According to the FBI, in 2020, K–12 schools became the most favored target sector for cybercriminals, and were also the subject of the majority of all ransomware attacks. The FBI also said that between August and September 2020, almost 60% of all reported ransomware attacks targeted schools, which was up significantly from the January–July figure of 28%.

MS-ISAC said that between 2019 and 2020 it had noted a 19% increase in ransomware and other cyberattacks against K–12 schools. It says that in 2021, there is likely to be a staggering 86% increase, largely due to the pandemic.

One cybersecurity firm, Emsisoft, said that in 2020 it had tracked 84 cybercrime incidents against at least 1,681 schools, colleges, and universities. Just under 60 of those incidents involved school districts. There is a lack of data as there is no federal reporting requirement or regulation specifically for school districts. According to some estimates, the average ransom these schools pay is around $50,000, but it can be as high as $1.4 million.

School systems, especially public ones, have become such an attractive target because of a number of factors. The main one is that the tight budgets of educational institutions mean that they are likely to have less developed cybersecurity infrastructure than private entities or critical public ones, leaving more vulnerabilities exposed. They are also more likely to have open WiFi networks, which makes them easy targets. Each teacher and student’s laptop is also a potential gateway to the overall network.

There is a perception as well that schools would be more willing to acquiesce to ransom demands quickly due to their high dependence on their computer systems for things like grading and sharing files, in addition to facing pressure to resume classes as soon as possible. 

The personal information of students is also an attractive target because students are less likely to have bank accounts or credit cards, and, thus, they and their parents may not notice for a long time that their information has been compromised or their identity stolen for fraud purposes.

On its website, the Cybersecurity and Infrastructure Security Agency (CISA) has a separate section just for K–12 educational institutions. The attacks that CISA has noticed include locking people out of the most basic of functional systems, stealing confidential student data, disrupting online lectures and classrooms, verbally harassing students, flashing pornography or other disturbing or violent imagery on the screen, and “doxxing” students.

Last year, the FBI, CISA, and MS-ISAC disseminated a Joint Cybersecurity Advisory about the cyberthreats faced by K–12 school systems. The government has also developed a resource center for all stakeholders to familiarize themselves with the ways they can detect and prevent cyberattacks on their school networks.