Ransomware Attacks on School Districts

Topics: Small Business

Summary: Ransomware attacks have been targeting school districts across the country, causing school delays, network disruption and millions of dollars in ransom costs. Cyber liability coverage is one way to help protect schools from cybercriminals, and there are a few other steps schools can take to help prevent ransomware attacks.

Ransomware Attacks on School Districts

To help slow the spread of the coronavirus, companies across the country switched to working from home and many schools closed their doors, leaving computer networks stretched to the limit. Infrastructure systems became easy targets for cybercriminals throughout the pandemic. Even before the outbreak caused the changes in the way many businesses and schools operate, cyber attacks grew 273% in the first quarter of 2020 compared to the same time in 2019. Experts predict this number will only increase.

Ransomware Attacks in Schools

On top of switching to remote learning to reduce the spread of coronavirus, many school districts across the U.S. have also had to deal with cyber attacks that have forced the shutdown of critical technology systems. Teachers and students require remote access connections to log into classes for instruction, opening up these systems for cyber attacks. One common type of cyber attack schools face is ransomware, where a hacker takes over a school district’s computer systems and hold them “hostage” until the district pays a ransom or can restore the system on their own.

Ransomware attacks on K-12 school districts have been on the rise. Since 2016, there were at least 1,062 reported attacks on school districts across the U.S. 53 school districts have been attacked so far in 2020, costing over $7.5 billion, and since July, at least 16 school districts have been victims of ransomware attacks. Extortion demands from cybercriminals have risen, costing taxpayers millions of dollars in cash and cyber currency.

In just the last few months, ransomware attacks have victimized large school districts across the country, causing them to delay their school year and, most recently, cancel online classes. In some situations, the cybercriminals “hold” students, teachers, and administrators' personal data, salary and more. Some of the school districts impacted include:
  • Hartford, Connecticut: A ransomware virus caused an outage of critical systems, including those that communicate bus schedules and routes, causing delays in the first day of school and online classes.
  • Somerset Hills School District in New Jersey: A ransomware attack targeted the schools’ network systems forcing the school district to shut down on the second day of classes.
  • Fairfax County, Virginia: The school district was a victim of a ransomware attack during the first week of classes that didn’t disrupt remote learning, but it infiltrated student, staff and faculty data from the school’s network.
  • Clark County, Nevada: A ransomware attack targeted the largest public school district in Nevada, focusing on the personal data of current and former teachers.
  • Athens Independent School District, East Texas: A cyberattack hit the district’s network, including blocking teacher communications and student assignments. Hackers demanded a $50,000 ransom to unlock the data.

How to Prevent Ransomware Attacks in Schools

School district administration teams should embrace cybersecurity best practices to protect their schools from cyber attacks. Here are a few things school districts can do to help protect themselves from cyber attacks like ransomware:
  • Backup data: Back up essential data offline frequently. Being able to restore locked data is a significant factor in determining whether a school district can or should pay a ransom.
  • Train employees: Ensure the staff is trained on recognizing phishing emails and other types of cyber attacks.
  • Develop an incident response plan: School districts should have a data breach policy to help prepare for and prevent cyber attacks. The policy should include whom, how and when personnel should report an incident and what should be done in response. The policy procedures must be explained to everyone in the school district, from the students to the administrators, and be led by someone who is experienced in responding to data breaches.
  • Implement multi-factor authentication: To protect network access, schools should implement multi-factor authentication processes. This requires users to have two or more credentials as authentication before they are allowed access to a website or app.
  • Require strong passwords: Create a strong password policy that requires users to update in regular intervals and suggest best practices, including passphrases, sequences and having different passwords for multiple accounts.
  • Apply software patches and updates: Network users should apply software patches and updates as soon as possible. Hackers can exploit systems that don’t install patches properly easier than those that are updated.

Ransomware Attack Response Best Practices

What happens if your school district is a victim of a ransomware attack? Consider the following data breach response steps to help minimize the damage:
  • Identify what was attacked: The IT team needs to pinpoint what part of the network and which data has been attacked, to not rely on what the ransomware attackers say what was infected. The IT team also needs to look for possible future threats.
  • Shut down all systems: As soon as a ransomware issue has appeared, IT teams should shut down all systems to help prevent the spread of further damage, then restart as necessary to check the system.
  • Activate a disaster recovery plan: Follow the cyber attack processes set up in your disaster recovery plan. This plan should also be tested to adjust to issues as they arise.
  • Keep communication open: School and IT leaders should openly communicate with the school community and media about the damage from the cyber attack and the recovery process. Communication could include texts, press releases and social media messages.
  • Train the staff: Experts recommend that cybersecurity awareness is essential training as part of the K-12 curriculum as a preventative measure for a cyber attack. Children and staff need to understand the importance of password security and to not click on links or download files in suspicious emails. Everyone in the system should know what they need to do should a ransomware attack occur.

Cyber Liability Insurance from AmTrust Financial

AmTrust Financial offers cyber liability insurance to help protect schools from some of the costs associated with various cybersecurity attacks, including ransomware. AmTrust is committed to evolving our coverage as new cyber threats emerge for our customers. To learn more about our cyber liability insurance policies, please contact us today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones