NewsNation

Hackers target schools as ransomware attacks rise

(NewsNation) — As districts increasingly rely on technology to conduct operations, cyberattacks on K-12 schools are rising.

At least 48 districts have been hit by ransomware attacks in 2023 — already three more than in all of 2022, according to the cybersecurity firm Emsisoft. All but 10 had data stolen, the firm reported.


Last year, ransomware attacks on U.S. schools and colleges cost nearly $10 billion in downtime alone.

Here’s how it works: Hackers, often linked to Russia and China, steal data using network-encrypting malware when an unsuspecting teacher or school administrator clicks an infected email or attachment.

The virus then prevents access to systemwide data, including social security numbers, financial data and students’ confidential information. The hacker threatens to put that information online unless they’re paid in cryptocurrency.

“Schools are especially vulnerable because kids have to go to school,” said Paul Bischoff, editor and consumer privacy expert at Comparitech. “You can’t have kids out of school for weeks at a time and expect the school system to function and parents to be happy.”

Bischoff said most of the time hackers are just getting basic information like names, addresses and email addresses. Those details may not have a direct financial impact on the students, but it could leave them vulnerable to future attacks, either from sexual abusers or thieves, he pointed out.

Just last week, the Cleveland City School District found ransomware on some of its schools’ devices. Preemptive measures like backing up its system were able to minimize the disruption.

In other cases, school districts haven’t had the same results.

In March, ransomware gangs dumped 300,000 files online after Minneapolis Public Schools refused to pay a $1 million ransom. The leaked confidential information included descriptions of student sexual assaults, psychiatric hospitalizations, abusive parents and even suicide attempts.

According to Comparitech, 65 ransomware attacks last year affected more than 1,400 schools and colleges, impacting roughly a million students. In three cases, hackers demanded anywhere from $250,000 to $1 million, but most schools never disclose the ransom demand for fear of being targeted by other attackers.

Earlier this month, the White House held its first “cybersecurity summit” to take a closer look at the problem.

Bischoff said it’s important school staff are trained to identify phishing emails and other things that can let in hackers. People should also make sure their antivirus software is up to date and regularly back up their data, he noted.

“Store those backups off-site where they can’t get hit by ransomware attacks,” he said.