IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Sponsor Content
What does this mean?

School’s (Locked) Out: Defending Against the New Ransomware Threat

Ransomware Cyber Security Email Phishing Internet Technology Lock Vault Protection 3d illustration

Preparations for the fall must include strategies to defend against the rising tide of ransomware and other security threats.

With schools planning for the 2021-2022 school year, a threat already impacting districts across the country is on many district leaders’ minds. Ransomware is proving to be a thorn in the side of the federal government, health-care institutions, IT organizations and school districts.

Since December of last year, many of the nation’s top cybersecurity organizations, including the FBI, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have received numerous reports of ransomware attacks against K-12 educational institutions.

MS-ISAC data shows a dramatic increase in ransomware incidents involving school districts at the beginning of the 2020 school year. In August and September, 57 percent of all MS-ISAC reported ransomware incidents involved K-12 schools – nearly doubling the percent reported from the first half of 2020.

By now, most of us are familiar with the destructive and devastating impacts of ransomware. When bad actors attack educational institutions, they can prohibit system access or even render basic system functions inaccessible. With control over school networks, they steal or threaten to leak confidential student data. If these attacks are successful, they can grind both school systems and classroom learning to a halt.

Preparations for the fall must include strategies to defend against the rising tide of ransomware and other security threats, with awareness and education as well as a comprehensive security strategy for learning that may take place from anywhere.


Although ransomware attacks often start with an approach as common as phishing, bad cyber actors have adapted, using sophisticated social engineering tactics and phishing in places that even the savviest of users aren’t expecting.

Users need to understand that desktop computers aren’t the only place phishing occurs. Mobile devices and Chromebooks also provide access to the same systems and information hackers seek and can be easier targets for phishing. Threats on mobile devices are more challenging to identify due to their smaller size and the confined interface, requiring users to be especially careful of the links they visit. Applications are another consideration, as users often accept permissions for data access that may put both school and personal data at risk.

Good security training should acknowledge that it’s not just email that can be a tool for cyber criminals — it’s also social media, text messages and apps. Informing users of potential risks and precautions when using connected devices can add one extra layer of protection to their district.


Albeit crucial, training is still not a substitute for sound security policies; districts need to look at existing policies and protections to ensure systems are secure even when users make mistakes or bad actors enter from another route. In today’s more connected and dispersed learning environment, protections must consider the broader attack surface and extend to mobile devices and the cloud.

Just as user education needs to extend to mobile devices, adequate modern endpoint security must as well. Mobile protection should identify and prevent device risks from phishing, malware and network-based threats, alerting users when they’ve encountered a risk.

Threat hunting capabilities should also extend to identify and stop known and unknown threats on mobile devices, tablets and Chromebooks.

When it comes to the cloud, your organization needs to understand what’s happening. The most common way for an attacker to deploy ransomware is by stealing credentials and moving laterally within your infrastructure. Technologies like cloud access security broker (CASB) monitor your users and data to identify abnormal behavior so you can identify a compromised credential or insider threat.

Navigating the intersection of remote learning and hybrid in-classroom approaches is a new challenge for today’s students and teachers. The reality is that bad actors will take advantage of any situation to profit through ransomware. The key to preventing and mitigating risk is communicating security risks and implementing proper security to keep school districts safe.