Increasingly, schools are becoming targets of organized cybercrime organizations, and federal groups urge caution

What school leaders need to know about organized cybercrime

Increasingly, schools are becoming targets of organized cybercrime organizations, and federal groups urge caution

Cyberattacks against K-12 schools continue to climb in both number and scale. Such attacks can have serious repercussions; according to a recent report from the Government Accountability Office, “officials from state and local entities reported that the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time ranged from two to nine months.”

These attacks aren’t just being carried out by disgruntled students or “lone wolf” types. Increasingly, schools are becoming targets of organized cybercrime organizations. The FBI, CISA and the MS-ISAC issued warnings at the start of this school year, anticipating attacks may increase as criminal ransomware groups perceive opportunities for successful attack.

The rise of Ransomware-as-a-Service

Many of the recent prominent attacks against schools have been perpetrated by organized crime – and they’re often using what’s known as Ransomware-as-a-Service (RaaS). This is a subscription-based model that allows partners (affiliates) to use ransomware tools that someone else has already developed. The affiliates earn a percentage of the profits if the attack is successful, so there’s plenty of incentive. RaaS makes it easier to pull off more attacks more quickly, which has made it very popular.

Recent research found that ransomware threats remained at peak levels in the latter half of 2022 – with new variants being enabled by RaaS. In 2022, 82 percent of financially motivated cybercrime involved the employment of ransomware or malicious scripts. And not only are bad actors continuing to introduce new strains of ransomware, but they’re also upgrading, modifying, and reusing old ones. The result: Attacks that are more complex and damaging. RaaS appears to be the driving force behind it all.

RaaS is an indicator of what’s to come

The dark web is starting to host an increasing number of additional attack vectors as a service, and this will significantly increase the availability of what’s known as

Cybercrime-as-a-Service (CaaS). It includes new criminal strategies, such as the sale of access to already-compromised targets, will develop in addition to the sale of ransomware and other malware-as-a-service offers.

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Want to share a great resource? Let us know at

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.