
Why School Systems? The Rise of Ransomware in Public Schools

Due to their wealth of data and limited budget for cybersecurity staff and training, schools have drawn the eye of hackers. Experts recommend backing up data and investing in cybersecurity training and preparedness.

Ransomware is increasingly being aimed at school districts across the country. 

In July alone, the cyberattacks affected systems in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut and New York. But these attacks have occurred throughout the year and show no signs of slowing, striking anywhere hackers can find an open door or window. 

The recent wave is part of a larger uptick in ransomware attacks on governments across the nation. A report published in May showed a record-high number of attacks on state and local governments — with some 170 attacks since 2013, 22 of which occurred this year alone.

These cyberincidents, often crippling to the affected agency or jurisdiction, have frequently left service delivery at a standstill and administrative systems facing long recovery periods. Baltimore, for instance, is just getting its water billing system up and running three months after its own encounter with one of the financially motivated hacks.

Lee McKnight, an associate professor at the School of Information Studies at Syracuse University, said that with the rise of this trend, school districts are attractive targets because of their relative vulnerability. 

“The principal reason is that it’s a relatively easy target to aim for,” he said, explaining that school systems typically suffer from a fairly limited IT staff, older equipment and less-than-optimal cybersecurity expertise. 

Several of the recent attacks occurred not far from where McKnight works — with ransomware incidents affecting the Syracuse school district and the Onondaga County library computer system.

In many cases, rehabilitation can be a lengthy, arduous and costly process. 

In Lyon County, Nev., for instance, the school district is just getting back online after ransomware in June knocked out its email, Internet and VoIP-phone lines, said Superintendent Wayne Workman. Despite the fact that the district's insurance carrier paid the hackers a ransom in cryptocurrency, some of the services are still locked up by the hacker malware, according to the Reno Gazette Journal.

"I've become a little more familiar with it [ransomware] than I ever really wanted to be," Workman said, speaking with Government Technology. "It affected our entire network. ... It locked down stored information that was important to us in our internal system," he said.

The district had not backed up its data, which contributed to the complications in recovery, Workman said. Meanwhile, factors like the geography of the school district made the rehabilitation efforts even more difficult. 

"In this restore and recover phase, our IT guys have been going from one end of our district to the other [some 95 miles south]," said the district's public information officer, Erika Cowger. "It's rural Nevada, so we're spread out."

McKnight, who has spent his career studying cybersecurity, said that school districts can't help but be outgunned when they face these types of cyberattacks. 

“This is not random. It’s a business. It’s an enterprise, or multiple enterprises,” he said, emphasizing that the teams that target cities or school districts are frequently made up of a combination of professionals. “It’s amateurs at the school district-level going up against professional hackers. ... There’s a big black market devoted to this.”

Recently, the cybersecurity firm CrowdStrike linked many of the more prominent Ryuk-strain attacks to a professional hacking group in Eastern Europe known as Grim Spider. Known for engaging in the practice of "Big Game" hunting, the group intentionally targets large institutions to seek high-yield returns, according to the company.

To prevent hacks, experts recommend backing up data, while also investing in proper cybersecurity training and preparedness. School districts can also engage in security audits to identify weak areas and patch systems that may have vulnerabilities, according to experts. Of course, all of this is easier said than done. 

McKnight said that there must be a paradigm shift in how organizations think about their data and its security. This includes consistently investing in secure cloud infrastructure where organizations can back up their data. 

"Whichever vendor or supplier that a community needs, that's just kind of an expense that needs to be planned for," he said, of cloud architecture.  

Fostering regional commitments to education around dangers and security is also important, he said. 

"Schools need to begin thinking of themselves as being part of a cyberphysical system," he said. Focusing on vulnerabilities — both physical and digital — and how to patch them, will give officials a better road map for success against these types of attacks.  

“Right now, we’re in a whack-a-mole situation, in which it’s too easy to get in,” said McKnight. “If you’re the type of groups I was talking about, this is not hard work. It’s good money.”

Lucas Ropek is a former staff writer for Government Technology.