IT Security

Ransomware in School Districts

Ransomware attacks on educational organizations and school districts are on the rise, with at least 830 individual schools having experienced incidents between January and July 2021.¹ The beginning of the school year is a prime time for ransomware attackers targeting schools: several incidents in recent years have delayed the first day of school for some and have even led to declarations of a state of emergency for others. These incidents have been increasing over the last few years as ransomware attackers increasingly focus on state and local government agencies, which include school districts. In recent years, ransomware attacks on school districts have not only increased in number but have also targeted larger districts, which offer attackers the inducement of larger payouts. The rise in malicious activity mirrors the rise in remote learning that occurred during the COVID-19 pandemic, which opened channels for malicious activity as millions of new devices were introduced into school district networks.

The Cybersecurity and Infrastructure Security Agency (CISA) has guidance for K-12 educational institutions aimed at helping non-technical education professionals to prevent ransomware attacks. Malicious cyber actors are:

  • Targeting school computer systems 
  • Slowing access 
  • Rendering systems inaccessible for basic functions (including remote learning)
  • Disrupting live-conferenced classroom settings by verbally harassing students, displaying pornographic and violent images, and doxing meeting attendees
  • Stealing confidential student data and threatening to leak it if they are not paid a ransom 

CISA highlights the following general cybersecurity best practices for education professionals:³

  • Patch operating systems, software, and firmware as soon as updates are released by the manufacturer. 
  • Change passwords to network systems and accounts regularly and avoid reusing passwords 
  • Use multi-factor authentication when the option is available 
  • Set antivirus and anti-malware solutions to regularly and automatically scan and update 
  • Monitor privacy settings and information that is available on social networking sites 
  • Do not pay ransoms. Payment does not guarantee recovery, and it may also inspire cyber actors to attack more educational organizations 
  • Configure network firewalls to block unauthorized IP addresses and to disable port forwarding 

K-12 education professionals utilizing videoconferencing should be aware of the following best practices: 

  • Ensure participants use the most updated version of the remote access/meeting applications
  • Require passwords for attendees to access the sessions
  • Encourage students to avoid sharing meeting codes and passwords 
  • Establish a vetting process such as a waiting room to identify participants as they arrive 
  • Establish policies to require participants to sign in using their real names rather than aliases, and ensure that only the host controls screensharing privileges 
  • Implement a policy to prevent participants from entering rooms prior to the host’s arrival, and to prevent the host from exiting prior to the departure of all of the participants 

1 Sabin, Politico, 2021, “Schools brace for ransomware attacks” 

2, 2021, “Stop Ransomware: K-12 Resources” 

3, 2021, “Cyber Threats to K-12 Remote Learning Education”