Ransomware has traditionally been a practice where cybercriminals encrypt data and demand ransom in exchange for a decryption key. More recently, a growing number of these bad actors threaten to make this information public if they do not get paid. This shift in the practice of ransomware has increased the "attractiveness" of K-12 schools for cybercriminals. Information about children is among the most highly protected data there is, making it more likely ransoms will be paid to keep it private. For this and other reasons, K-12 schools are seeing an increase in ransomware activity. In 2021, there were at least 62 reported ransomware cases as compared to only 11 in 2018. 2021 was also the first year in which ransomware was the most common cyber incident for K-12 schools.
What Gets Compromised in a Ransomware Attack?
An incident in 2020 involving Fairfax County, VA Public Schools resulted in employee social security numbers being posted online. Hackers targeting a school district in Allen, Texas emailed parents with threats to expose their children's personal information if educators did not pay a ransom. Showing the full swing of ransomware impacts from the serious to the mundane, a 2022 attack on the Griggsville-Perry School District in Indiana had many records compromised and leaked, including a detention slip from December 2014 for a student who would not stop interrupting his health class. This shows the breadth of access that hackers had to documents and has led many schools to reexamine their file retention policy to reduce the amount of data accessible to bad actors.
Ransomware + COVID = Double Pandemic Troubles
Ransomware attacks on education institutions saw a sharp increase during the pandemic. As schools transitioned to online learning, hundreds, if not thousands, of new attack vectors opened up as students logged on from devices at home. Attacks continued throughout the pandemic. Prior to the start of the 2020/2021 school year, when many districts were still virtual in some capacity, the Athens Independent School District in East Texas saw an attack that impacted the district's entire computer network, encrypting all the data. This blocked access to everything from teacher communications to student assignments. The criminals demanded $50,000 in ransom for the data's release.
Costs of Ransomware
Ransomware attacks have big impacts on learning time and budgets. Districts often have to close down their buildings to restore their systems. Even if a ransom is not paid, districts still incur high costs for remediation. Maryland's Baltimore County school system spent almost $9.7 million responding to a late 2020 ransomware attack.
Today's Ransomware Threat
Based on intelligence from the federal government, K-12 schools are paying close attention to activity sponsored by Russia to disrupt education in the United States. School districts are taking extra steps to protect themselves, including restricting the ability of traffic from countries beyond the U.S. to connect to school servers.
In response to the growing prevalence of attacks, in October 2021 President Biden signed a bill into law aimed at helping improve cybersecurity at K-12 schools and making them less vulnerable to ransomware attacks. This measure directs the Cybersecurity and Infrastructure Security Agency (CISA) to study the cyber risks facing elementary and secondary schools and develop recommendations to assist schools in facing those risks.
- RSA Public Sector Day (June 6, 2022; San Francisco, CA) - Learn from government IT luminaries and industry executives on the issues that matter most to the public sector. Topics from ransomware and resiliency to grants and cyber risk challenges will be covered by speakers from the Department of Defense (DoD), National Institute of Science and Technology (NIST), and more.
- Ransomware Summit 2022 (June 16-17, 2022; virtual) - Learn how to avoid a ransomware horror story first-hand. The summit will bring together cybersecurity professionals and leading experts from around the world for in-depth talks and discussions focused on ransomware prevention, detection, response, and recovery.
- Strengthening Cybersecurity in State and Local Agencies using Zero Trust (June 29, 2022; virtual) - Most IT leaders acknowledge the growing threat from ransomware; however, many state and local governments are unprepared to prevent or respond to it. Join this webinar to hear state and local cybersecurity experts outline how to build effective protection against ransomware by making Zero Trust a strategic priority. They will explore the best practice for implementing a Zero Trust architecture that ensures your backups are truly immutable.
- (ISC)2 SECURE Washington DC (December 9, 2022; Washington, DC) - Information security professionals from around the capital will explore the latest issues impacting government cybersecurity. Hear from thought leaders and top industry experts as they address Zero Trust, Cloud Security, Ransomware, and much more. Take back actionable ideas and strategies that help strengthen the security of your organization's cyber operations, assets and critical data.
- Ransomware Resiliency in the Age of Zero Trust (white paper) - This white paper discusses why it's pertinent to have a Zero Trust Data Management Strategy that encompasses data protection and data recovery, and how overall data resilience can help organizations quickly recover from unforeseen threats caused by the gap between digital transformation execution and resiliency strategy.
- Ransomware Case Study: Identifying High Priority Security Controls for Public Institutions (white paper) - Recent history indicates U.S. municipalities, K-12 education systems, and utility service providers are profoundly vulnerable, with the effects of ransomware attacks on public institutions disrupting the everyday lives of Americans. This paper will analyze three ransomware attack case studies impacting local governments, K-12 schools, and utilities in 2021 and touch on what precautionary measures can be taken to stay protected.