How this criminal ransomware group is creating headaches for schools

A joint cybersecurity advisory warns districts of a group known as Vice Society, which has been "disproportionately targeting the education sector" in recent weeks.

This goes beyond physical security. It’s digital school safety. School safety 2.0. And based on recent trends, it’s been highly anticipated.

The education sector is now the most targeted industry for cyberattacks, contributing to more than 80% of malware attacks in July, according to an August report from Atlas VPN, a leading VPN provider.

Now that school has just begun for nearly every district in the country, this is a terrifying statistic.

One school safety expert told District Administration that schools ought to prepare for a difficult year regarding physical threats, such as shootings. But now there’s a new threat, and cybersecurity experts are telling districts to anticipate increased ransomware attacks.

The warning comes in light of a ransomware attack on the nation’s second-largest school district. Over the weekend, the Los Angeles Unified School District was targeted, resulting in a shutdown of the district’s computer systems. The district mandated password changes for 540,000 students and 70,000 district employees.

According to a joint cybersecurity advisory released Tuesday by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center, district leaders are being warned of a criminal organization known as Vice Society, which has been “disproportionately targeting the education sector with ransomware attacks,” the advisory states.

The same organization targeted the Linn-Mar School District in Marion, Iowa, in early August. The group demanded the district purchase a “unique private key” or risk losing confidential information. According to the advisory, there’s more to come, and everyone is at risk: “The FBI, CISA, and the MS-ISAC anticipate attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put districts with robust cybersecurity programs at risk.”

Schools are such a valued target among cybercriminals, the advisory says, due to the amount of sensitive and confidential student data that is accessible through school systems.

The FBI offers a detailed list of safety measures schools can implement to mitigate the risk of ransomware attacks, but here are three steps districts can take today to prepare:

  1. Prioritize and remediate known exploited vulnerabilities.
  2. Train staff to recognize and report obvious phishing schemes.
  3. Implement multi-factor authentication.

“The FBI and CISA recommend organizations, particularly the education sector, establish and maintain strong liaison relationships with the FBI Field Office in their region and their regional CISA Cybersecurity Advisor,” the advisory states.

Micah Ward
Micah Ward is a District Administration staff writer. He recently earned his master’s degree in Journalism at the University of Alabama. He spent his time during graduate school working on his master’s thesis. He’s also a self-taught guitarist who loves playing folk-style music.