Ransomware targets more K-12 schools

Cyberattacks on school districts seeking financial compensation in exchange for unlocking infected computer networks have increased dramatically in 2019

While cyberattacks on public schools have intensified over the past year, ransomware attacks—in which hackers use malware to lock districts out of their own computers until a ransom is paid—have dramatically increased. Some district leaders pay to have their systems released, while others don’t and attempt to repair the damage in-house.

According to a recent report by Armor, a cybersecurity company, more than 500 schools have been impacted by ransomware attacks already in 2019, ZDNet reported. Overall, 54 educational entities, including school districts and colleges, have been infected, with a spike coming around the September return to classes. Antivirus maker Emsisoft released a similar report, claiming to have identified 62 ransomware incidents impacting more than 1,000 schools and higher education institutions. Both reports signal a dramatic increase over the 11 ransomware-specific incidents reported for all of 2018 by the K-12 Cybersecurity Resource Center.

In Arizona’s Flagstaff USD, 15 schools were closed and classes cancelled for two days because of a ransomware attack in September, The Arizona Daily Sun reported. The hackers did not ask for a specific amount, although they provided untraceable contact information. Rather than pay, district IT personnel cut off access to the internet and then scanned, cleaned and installed new malware protection on every device used by teachers and staff.

This past summer, officials in the Wyoming Area School District in Pennsylvania paid $38,000 to end a ransomware attack, according to The Citizens’ Voice. Hackers encrypted and locked the district’s computers until the ransom was paid, at which point, codes were provided and computers were freed. The recovery only cost the district $10,000 because it had insurance to cover the other costs involved. “They got in through a brute force attack on an outside port, and we’ve since closed off all access to that,” Technology Director Jason Jones told The Citizens’ Voice.

Rockville Centre UFSD in New York wasn’t as fortunate—the district had to pay nearly $100,000 after ransomware shut down its network in August, CBS 2 News reported. Administrators had to comply in order to get the district’s communications system and day-to-day operations up and running again.

Oxford School District in Mississippi was shut down for a month and a half during a ransomware attack in 2016 in which hackers infected 80 computers with malware, and then demanded $9,000 in bitcoin to remove it. The district did not pay the ransom, Superintendent Brian Harvey told District Administration, instead opting to wipe clean its servers and re-install software and operating systems.

“It really put us back a decade in how we were doing things,” said Harvey.

The district now has system redundancy with offsite backup servers so if it falls victim again, the network can be rebooted within a day without having to pay a ransom.

“Cybersecurity is not an IT problem,” Harvey added, noting the need to keep staff mindful of cybersecurity threats and to consistently review policies.

A ransomware response plan should include isolating infected computers, alerting other users, securing backup systems and notifying law enforcement, according to the U.S. Department of Justice. Afterward, all user and network passwords should be changed.

Resource: FBI cybercrime advice
