Since the pandemic-induced surge in online learning, school districts around the country are increasingly the target of ransomware attacks. In fact, the FBI, Cybersecurity Infrastructure Security Agency (CISA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) recently issued a warning about a rise in ransomware attacks as the 2022/2023 school year begins. Schools are particularly at risk since they run open, cloud-based environments so students and faculty enjoy easy access to network resources.
Read on to learn what prompted the warning and ways school districts should respond to reduce their risk.
The announcement came on the heels of a successful attack against the Los Angeles Unified School Department – one of the nation’s largest school districts – in early September. The attack targeted the district’s facilities systems, which house information about private-sector contractor payments (data publicly available through records requests). While the district did not pay ransom, it was forced to change passwords for 540,000 students and 70,000 district employees.
In 2022 alone, 26 U.S. school districts — including Los Angeles — and 24 colleges and universities have been hit by ransomware…eight of them since August 1. Often, cybercriminals steal sensitive information and threaten to release it online if ransom isn’t paid. That was the outcome for at least 31 of the schools hit this year.
The FBI, CISA and MS-ISAC bulletin highlighted a growing number of ransomware attacks against schools by a group called the Vice Society. It detailed that the group’s actors “likely obtain initial network access through compromised credentials by exploiting internet-facing applications.” The bulletin further explains the technical details associated with these exploits.
While the federal agencies noted that school districts with limited cybersecurity capabilities and constrained resources are most vulnerable, they underscored that even those with robust cybersecurity programs are at risk. Specifically, their bulletin said, “K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems.”
To reduce the likelihood and impact of ransomware incidents, the federal bulletin recommended that schools take the following actions immediately:
Visit the Mitigations section of the federal bulletin for more suggestions, including that organizations:
At Nuspire, we closely monitor cybersecurity and threat trends, including ransomware attacks. Knowing that ransomware is here to stay, we find organizations are best able to combat these threats by ensuring 24/7 visibility into their environments and the ability to proactively detect and respond to attacks. For the best defense, we recommend proactive strategies – such as better security training, strengthening access controls and monitoring your environment for attacks with the latest threat detection – alongside traditional preventative tools.