Ransoms aside, the cost of remediating the damage from ransomware incidents can be in the millions

Ransomware attacks on schools are only getting worse

Ransoms aside, the cost of remediating the damage from ransomware incidents can be in the millions

Just a few years ago, ransomware probably didn’t rank very high on a list of things parents regularly talked about. But the odds are getting higher that if you ask a parent about it now, they’ll have plenty to say.

Fourteen percent of parents of school-age children in the U.S. responded to a recent survey saying that they had experienced a ransomware attack on their kids’ school. That number was just 9 percent a year ago. The rate of attacks appears to be growing, with a higher percentage of parents saying it happened last summer or this school year, compared to those who experienced it the year before.

Criminals attacked school districts in Tucson, Arizona, and Nantucket, Massachusetts, in late January, cancelling classes for one district and sending administrators to work from home at the other. The attacks marked the fourth and fifth publicly-disclosed incidents in January alone, although survey data indicates that schools may be getting targeted at a higher rate than that, and some incidents may simply not be getting disclosed.

A growing number of victimized schools end up paying a ransom to remedy the situation, and those payments look to be getting much higher. But before diving into those numbers, let’s consider some of the unseen damage of these attacks.

When cybercriminals infiltrate and disrupt a target network with the aim of extorting their victim, they are no longer just looking to lock people out of their computers. What they are just as much after now is the personal information belonging to as many people as possible. Not only will this enhance the value of the extortion scheme, but it will also provide its own value on the dark web. Students’ and teachers’ driver’s license numbers, Social Security numbers, dates of birth, emails and phone numbers can be purchased by low-level identity thieves to open lines of credit and run other scams.

Unfortunately, even if a victimized organization does pay the ransom in exchange for regaining access to its systems, that doesn’t guarantee the criminals won’t go ahead and sell the sensitive data anyway. This is why security experts discourage victims from paying a ransom to their attackers. The primary effect of paying them off is enriching the criminals and emboldening them to do it again.

According to the surveyed parents, the average ransom payment in the school attacks they experienced was $887,360. In the same survey taken a year earlier, that figure was just $375,311. Ten percent of parents this time said the district paid a ransom of more than $1 million, up from just 3.7 percent in 2021. Of course, some schools were able to weather the crisis without paying anything. That’s been the case for about 14 percent of schools for the past couple years, according to these surveys. Ransoms aside, however, the cost of remediating the damage from one of these incidents can still be in the millions.

The other significant harm done by these attacks is the closure of schools. Experts say a big reason these types of incidents likely continue is the fact that schools are known to have smaller, underfunded IT departments. But there’s also the fact that communities are desperate to keep them open. Eighty-two percent of parents who experienced a ransomware incident said their school was forced to close for at least 1 day as a result, up from 75 percent last year. The average closure was 2.5 days, up slightly from last year. That’s a lot of last-minute childcare for working parents to figure out. Or they may have to take time off from work, incurring a form of personal cost from the attack.

In better news, 32 percent of parents who experienced an attack said their child’s data was not compromised. This was up from 25 percent last year, while a shrinking number of parents (8 percent) said they didn’t know if it was stolen or not (down from 14 percent last year). Hopefully this is due in part to greater education on the issue at the individual level. Around 70 percent of parents said they talk at least regularly with their child about practicing good security hygiene, such as using strong passwords.

School IT administrators should pay close attention to security alerts, while keeping a close eye on the traffic on their network. They should use basic security techniques, such as deploying two-factor authentication, regularly making offline data backups, and immediately applying security updates to their software as they become available. If they are hit with a ransomware attack, they should immediately contact the FBI, and can also check NoMoreRansom.org, for additional help.

4 key ways schools can strengthen and advance cybersecurity strategies
Could nearly half of cybersecurity leaders leave their roles by 2025?

Sign up for our K-12 newsletter

Newsletter: Innovations in K12 Education
By submitting your information, you agree to our Terms & Conditions and Privacy Policy.

Want to share a great resource? Let us know at submissions@eschoolmedia.com.

eSchool News uses cookies to improve your experience. Visit our Privacy Policy for more information.