Ransomware gangs have become very effective at going after vulnerable targets, and schools have countless pieces of critical information that must be protected

Ransomware attackers head back to school

Just when we thought the painful trend of ransomware attacks on public schools might be waning, news arrived of a massive incident. Over Labor Day weekend, the country’s largest school district, Los Angeles Unified, experienced a ransomware attack. The district serves 600,000 students and described “significant disruptions affecting access to email, computer systems, and applications.”

There was good news, though. The district appeared to catch the attack early, shut its systems down and avoided more serious problems. A lot of the time these attacks result in the loss of social security numbers and all kinds of other data, amounting to a serious violation of children’s privacy. For such a large district, this could have been catastrophic. LAUSD’s impressive response likely resulted from some smart preparation.

LAUSD was unfortunately not the only school to be victimized this year, and in other cases, some of the consequences appear to have been more severe. Staff at Cedar Rapids, Iowa schools saw their personal information stolen this summer, including Social Security numbers, driver’s license numbers, bank account numbers, and even medical history information.

The district is offering a free year’s worth of credit monitoring services to affected employees. Another incident in Iowa involved an extortion threat from attackers calling themselves Vice Society, saying they would upload stolen files if a ransom wasn’t paid – a common tactic of cyber criminals. It remains unknown whether the two incidents might be related.

Elsewhere, a school district in Texas was forced to hold classes without access to the internet, following a ransomware attack. This included closing the campus to visitors because the screening system couldn’t be accessed.

All of these attacks are part of a trend that has grown over the past few years. In 2021, there were 73 publicly-reported instances of U.S. public K-12 school districts being victimized by ransomware, according to Emsisoft. But that relatively low-sounding number belies a much larger toll. Those districts comprised a total of 985 schools. And there are likely many incidents that don’t get publicly reported. Some districts appear to have avoided public disclosure of attacks, and it’s generally believed the true number of incidents is significantly higher than what we know about.

Parents tell a similar story. Last fall, nearly 1 in 10 surveyed parents said their child’s school has been hit by a ransomware attack during their student’s time there. Among the parents who said that their school had been attacked, 61 percent said their child had personal data stolen as a result. Three in four said their schools were forced to close for at least 1 day, with an average closure of 2.3 days. Nearly three-in-four parents said the school did pay a ransom, while the ransoms themselves were at least relatively modest; less than four percent said the school paid more than $1 million.

Schools don’t have to be hit directly in order to be affected. There have been dozens of incidents in 2022 involving other education-related organizations, with victims including universities, education management companies, and providers of tech tools used by schools. One such incident last January brought down thousands of school websites when a web hosting company was attacked.

Fortunately, so far in 2022, the rate of attacks on public schools does at least appear to be tracking lower than in recent years. But it’s early in the school year, and there are steps everyone should be taking, in hopes that their school can respond as effectively as the one in Los Angeles.

First, parents should communicate to administrators that they are concerned about these incidents. The average cost of remediation is in the millions. That’s a lot of money for parents and taxpayers to be burdened with, especially when best practices are well-known. School IT administrators need to pay close attention to security alerts, such as those coming from CISA, and they should be keeping a close eye on outgoing network traffic to watch out for data exfiltration to the internet, as well as on lateral movements within their network. They should also utilize two-factor authentication, run regular data backups to systems that are not connected to the internet, and regularly apply security updates to their software as soon as they become available.

Ransomware gangs have become very effective at going after vulnerable targets, and there is so much involved with a typical school day that is now connected to the internet and must be protected. There are systems we may take for granted that are tied to such basic functions as bus scheduling, taking attendance, and so much more. A successful attack means students, teachers and even parents are not going to have a normal school day, and these disruptions can last for weeks or even months. Schools across the country are improving their defenses, but it’s on everyone to do their part to continue the push to fortify these vulnerable systems and keep ransomware attacks and the damage they do on a downward trend.

If your school is hit with a ransomware attack, administrators are advised to contact the FBI, rather than paying the attackers. New decryptors are often made available and posted on, which also has additional guidance for IT officials to mitigate risk.
