Ransomware: Wreaking Havoc on American Schools



Well, most of us could say that we saw this coming. Ransomware began wreaking havoc on businesses globally amid the COVID-19 pandemic. Now, however, these malicious actors have their eyes set on a new form of prey – our schools.

An independent study revealed that a total of 88 education sector organizations were compromised by ransomware in 2021: 62 school districts and 26 college institutions. These attacks disrupted learning across 1,043 schools nationwide.

However, it wasn’t until the country’s second largest school district was infiltrated this year that the FBI and CISA released their national warning of potential attacks on K-12 schools. The attack against the Los Angeles Unified School District (LAUSD) by the Vice Society threat group resulted in more than 600,000 students having personal information compromised (Info Security Group, 2022).

According to the Info Security Group, the FBI, CISA, and the Multi-State Information Sharing and Analysis Center (MS-ISAC), K-12 cyberattacks are projected to increase as ransomware groups have benefited from early success this school year, positioning schools as an opportunity for cyber criminals. This has left school districts with limited cybersecurity capabilities and resources the most vulnerable; however, even the schools deploying a robust security strategy are still at great risk.


Why Schools?

Considering that cyberattacks have been proven to be financially motivated about 71% of the time (Verizon, 2021), some have questioned the motive behind targeting schools. But the hard truth is that it’s just as profitable for hacking groups to go after schools as it is to focus solely on businesses. Emsisoft security researcher Brett Callow states that “Attacks on schools are commonplace for one very simple reason: they’re profitable. Like legitimate businesses, when cybercriminal enterprises hit on a strategy that works well, they’ll repeat it over and over. The only way to stop attacks on the Education sector is to make them unprofitable, and a big part of that requires bolstering security in schools so that they don’t need to pay [ransomware groups].”

However, schools that elect not to pay the ransom often find themselves spending large sums of capital to recover from the attack. For example, Sierra College, a community college in California that was hit with ransomware, elected not to pay the ransom and instead replaced the 300 encrypted hard drives, which cost the institution $18,667.94, according to Motherboard.


How the Cloud can Protect Schools

Ransomware attacks have not impacted all schools the same way. For example, when the Victor Central School District in New York had its systems infected, the school wasn’t forced to close. Because the district had previously invested in migrating its systems and their backups to the cloud, it wasn’t forced to interrupt its operations. However, the attack still resulted in downtime. After the attack, the director of the school’s IT department wrote in an email that the “District is completely disconnected from the internet, cannot bring back up until it’s clean and the state says it’s ok, we have to do things in a certain order to ensure it’s clean.” (Motherboard). By hosting its backups in the cloud, the school district avoided paying ransom and was able to begin its remediation plan from the second the breach was confirmed.

By relying on cloud services, or alternatively by using Chromebooks, which are laptops that run just a web browser, schools can avoid severe damage in the event of a breach.

Storing backups on a separate network ensures that they don’t become compromised if ransomware reaches the main network. At least that was the case for Affton High School of Missouri, which never had to consider paying the ransom group given that none of its backups were affected by the attack (Motherboard).

Although adopting cloud-based hosting can prove to be valuable, electing to use cloud-based hosting environments doesn’t guarantee safety from hackers. A survey by Accurics showed that 93% of cloud deployments had some misconfigured cloud storage services. Thus, schools need to take a calculated approach to adopting cloud-hosting services to prevent any catastrophic misconfiguration issues that could potentially cause a breach. To avoid common cloud misconfiguration issues, see AgileBlue’s guide.


Simplify your Cloud Security

AgileBlue is a proven SOC|XDR platform that detects cyberattacks faster and more accurately across your entire digital infrastructure. Our platform provides discovery and visibility into your cloud assets and security configurations allowing you to access a single source of truth across multi-cloud environments. The best part? We help reduce IT overhead expenses with our fixed pricing model. Request a demo below to get started.


Written by Peter Burg

Peter Burg is Director of Business Development at AgileBlue, partnering with organizations who are looking for ways to make IT and cybersecurity work. Peter currently resides in Minnesota and is a big baseball fan.

October 24, 2022
