Email Security Intelligence - Ransomware Attacks on Schools Average 3 Weeks Downtime, 9 Months to Recover

Ransomware is a dangerous type of malware created to deny access to files through encryption until a set amount of currency is met, hence the name ransom-ware. The most common channel of attack is through email, using tactics such as phishing to lure users using fraudulent email attachments to block files.

If the monetary needs are not met, attackers will threaten to sell or leak private information either on a personal or corporate level. In 2020, ransomware payments reached over $400 million globally and hit $81 million alone in the first quarter of 2021. It is not only just a business's money that is affected but also a disruption to a company's operations, their reputation, and security. A ransomware attack at the wrong time can completely halt any work from getting done and it won’t go unnoticed. News will surface, the public view of the business will shift and more will need repairing than just the servers. This is not limited to any particular type of business either. Medical information from hospitals, critical government data, and even law enforcement information are all common targets but one that is crucial is becoming more popular. 

By the end of 2022, 44 colleges, 45 school districts and millions of students were attacked with ransomware, resulting in thousands of dollars lost and private information swept out in the public. Students are left confused and without access to services and colleges are forced to quickly resolve issues by any means (usually paying the ransom amount). Educational institutions are a popular target due to the timeliness required to keep things moving. Systems running hundreds of student accounts all used daily to progress through the acransomware schoolsademic year becomes a hotspot for stealing personal information. Knowing the backing some of these colleges have as well, there is certainly a lot of money to be made. Later in this article, the impact on both students and schools is discussed as they try to navigate their way through an attack. From private student information to paying hefty college fees, attackers have realized there is something worth taking and ransomware was their answer. 

The Impact of a Ransomware Attacks on Students and Educational Institutions

There's a second side to every coin, and ransomware attacks on public education are no exception. Students are the ones caught in the crossfire between schools and hacker groups attempting a take over. For students, education comes to a complete stop. Access to online tools such as class access or video applications is gone along with servers crashing or files inaccessible. According to a recent Government Accountability Office (GAO), downtime usually lasts between 3 days to 3 weeks. Recovery time alone could takeRed word "Ransomware" hidden in the middle of a binary code sequence. anywhere from 2 to 9 months. Within the last 5 years, schools have begun to incorporate technology more by giving students school-issues laptops, personal school accounts, and online learning. This was only reinforced by the Covid-19 pandemic as learning was moved remotely, which is now an option for those who’s schedules do not allow for commuting to classes. With technology so heavily integrated, the risk for potential data theft and a shutdown of services from ransomware attacks only increases. For educational institutions, those who do pay the ransom have paid anywhere between $5,000 to $40 million, with an average payment of $268,000. A recent Sophos survey found that remediating these attacks costs lower education roughly $1.58 million while higher education is around $1.42 million for services, upkeep and ransom pay. Even if schools do pay the ransom, it is not a guaranteed way of retrieving lost data. About 61% of schools retrieve most of their data with only 4% getting back all their data. To assist with these attacks; there are multiple federal cybersecurity agencies to help. Though there is no proper communication between the agencies or schools to address attacks or protection with no way to measure effectiveness between both parties creating an inadequate environment. 

Notable Recent Examples of Ransomware Attacks Targeting Educational Institutions

This past December, Bristol Community College in Massachusetts was one of these targets. All of their online services from accessing classes to email services were disabled resulting in a school-wide blackout for a week. Just a town away, another Massachusetts school in Swansea was struck by a ransomwareRansomware LA School District attack resulting in more canceled days. Throughout 2022, Iowa saw multiple attacks from three different school districts. A ransomware group had encrypted data in the Linn-Mar school district which was first reported as “technical difficulties” but it was soon announced that if the ransom was not met, important documents would be uploaded to the dark web, a hidden malicious corner of the internet. Information from over 500,000 students and faculty was released from Chicago Public Schools in 2021. Data included students' names, dates of birth, ID numbers of students, and all course information from previous years. The Los Angeles Unified School District suffered one of the largest educational attacks of 2022 due to their size with more than 1,000 schools and 600,000 students in the area. The group Vice Society claimed responsibility, a Russian group known for double-extortion tactics abusing Windows’ operating system. Students, and teachers lost access to Google Drive and their emails which brought any chances of learning to a stop until services could be restored over the coming weeks.

Best Practices to Protect Against Ransomware Attacks on Schools 

With attacks rising into the hundreds in 2022 (not to mention all of the attacks that have gone unreported), it can be assumed these events will continue to rise as the new year progresses. Schools have begun to roll out multifactor authentication from K-12 to a college level as an attempt to protect students but it will take a lot more to defend. There are debates on cyber insurance that, much like any insurance, would provide reimbursement for those who had come under attack. There is a lot of information that needs protecting like student records, health care information, and various identifications but proper care on both the school and student side will go a long way. To start, schools should not undermine the importance of cybersecurity. Schools can use the technology to their advantage by blocking domains, stronger account protection (like multi-step authentication) and keeping both hardware and software as up-to-date as it can be. Not every school has an abundance of IT support which is when outsourcing shines. Outsourcing email protection and automating certain services can be a successful way to reduce demand from school staff and offer a middle-man for even more protection. Another practice would be to get students and staff themselves involved. By keeping all users up-to-date on best security practices like strong passwords, anti-virus scans, and general internet browsing safety would go a long way. 

Watch: Top Tips to Protect Against Ransomware 

Final Thoughts

Ransomware attacks have infested the world of academia and frustratingly it will not be going anywhere for the foreseeable future. As attacks and demands rise into 2023 more and more institutions and businesses fall the need for new solutions is needed now. For schools, these attacks threaten finances and the safety of students as private information like identification and health care information are leaked onto the web. For students from kindergarten to college, these attacks stop their education and leave a web of issues for them if their information leaks. Changes are being made like multi-step authentication and outsourcing protection but it is up to everyone to chime in and keep themselves and others protected from these ransomware attacks. 

Keep Learning

Must Read Blog Posts

Latest Blog Articles