All of these attacks are part of a trend that has grown over the past few years. In 2021, there were 73 publicly-reported instances of U.S. public K-12 school districts being victimized by ransomware, according to Emsisoft. But that relatively low-sounding number belies a much larger toll. Those districts comprised a total of 985 schools. And there are likely many incidents that don’t get publicly reported. Some districts appear to have avoided public disclosure of attacks, and it’s generally believed the true number of incidents is significantly higher than what we know about.
Parents tell a similar story. Last fall, nearly 1 in 10 surveyed parents said their child’s school has been hit by a ransomware attack during their student’s time there. Among the parents who said that their school had been attacked, 61 percent said their child had personal data stolen as a result. Three in four said their schools were forced to close for at least 1 day, with an average closure of 2.3 days. Nearly three-in-four parents said the school did pay a ransom, while the ransoms themselves were at least relatively modest; less than four percent said the school paid more than $1 million.
Schools don’t have to be hit directly in order to be affected. There have been dozens of incidents in 2022 involving other education-related organizations, with victims including universities, education management companies, and providers of tech tools used by schools. One such incident last January brought down thousands of school websites when a web hosting company was attacked.
Fortunately, so far in 2022, the rate of attacks on public schools does at least appear to be tracking lower than in recent years. But it’s early in the school year, and there are steps everyone should be taking, in hopes that their school can respond as effectively as the one in Los Angeles.
First, parents should communicate to administrators that they are concerned about these incidents. The average cost of remediation is in the millions. That’s a lot of money for parents and taxpayers to be burdened with, especially when best practices are well-known. School IT administrators need to pay close attention to security alerts, such as those coming from CISA, and they should be keeping a close eye on outgoing network traffic to watch out for data exfiltration to the internet, as well as on lateral movements within their network. They should also utilize two-factor authentication, run regular data backups to systems that are not connected to the internet, and regularly apply security updates to their software as soon as they become available.
Ransomware gangs have become very effective at going after vulnerable targets, and there is so much involved with a typical school day that is now connected to the internet and must be protected. There are systems we may take for granted that are tied to such basic functions as bus scheduling, taking attendance, and so much more. A successful attack means students, teachers and even parents are not going to have a normal school day, and these disruptions can last for weeks or even months. Schools across the country are improving their defenses, but it’s on everyone to do their part to continue the push to fortify these vulnerable systems and keep ransomware attacks and the damage they do on a downward trend.
If your school is hit with a ransomware attack, administrators are advised to contact the FBI, rather than paying the attackers. New decryptors are often made available and posted on NoMoreRansom.org, which also has additional guidance for IT officials to mitigate risk.
- Is the ‘Growing Your Own’ pipeline working for special education teachers? - March 27, 2023
- Helping students understand the Nature of Science - March 27, 2023
- What school leaders need to know about organized cybercrime - March 24, 2023