K-12 ransomware attacks: Three things every district should know

K-12 school systems have become prime targets for ransomware attacks, especially as the number of devices used for learning has multiplied during the pandemic — and this means it’s critical for districts to have strong safeguards in place to protect their networks.

Ransomware attacks involve malware that encrypts important files on a victim’s computer or network and holds them for ransom. The attackers demand a payment in cryptocurrency to an anonymous account to prevent the permanent loss of the files, or damage to the software on the affected system. Recently these attacks have evolved to include the theft and exfiltration of private and sensitive student data or personal information. This data may be hoarded in secret by the attacker, and used to demand a second ransom payment, sometimes months after an initial ransom is paid. The attackers threaten to release the sensitive data to the public in what is known as a double extortion.

Here are three facts about K-12 ransomware attacks that every district leader should know:


1. The number of ransomware attacks on K-12 networks has risen dramatically.

Cyber attacks of all kinds against K-12 networks were growing in frequency even before the pandemic. Prompted by the shift to remote learning last year, the deployment of thousands of new digital devices for learning has created new opportunities for cyber criminals that have made security risks even greater.

According to a report issued earlier this year by the K-12 Cybersecurity Resource Center, there were more than 400 publicly disclosed security breaches in 2020. That’s an 18-percent increase from 2019 — and at least 50 of those incidents were ransomware attacks. What’s more, 2021 is on pace to exceed that. Security magazine reports that at least 44 ransomware attacks on public school systems occurred during the first four months of 2021 alone.


2. Not only are K-12 ransomware attacks growing in frequency, but they’re also becoming larger and more sophisticated.

While the number of attacks should be concerning to K-12 leaders, it appears these incidents are also increasing in severity. Cyber criminals aren’t just looking to hold K-12 networks hostage; they’re now stealing data as well. This increases the leverage they have over the school district to pay their ransom demand, and whether or not the ransom is paid, the perpetrators can also try to profit from the stolen data.

“Across seven districts that were victimized by this tactic during 2020, the personal information of at least 560,000 current students and 56,000 current staff were exposed,” the K-12 Cybersecurity Resource Center says. “However, given the fact that districts maintain records of former students and staff as well, the actual number of potentially affected individuals could be five to 10 times higher.”

The amount of money that cyber criminals are demanding in K-12 ransomware attacks has risen dramatically as well: In Broward County, Florida, hackers demanded $40 million in a recent ransomware attack.


3. Large urban and suburban districts are most at risk, but any K-12 school system could be victimized.

“Larger school districts are at a significantly greater risk for experiencing a cyber incident than other types of school districts, as are school districts located in more densely populated parts of the country,” the K-12 Cybersecurity Resource Center says. This is because larger school systems are managing more digital devices than smaller ones, and they have more students and employees using technology — resulting in a larger threat profile.

But that doesn’t mean smaller school systems aren’t also at risk. “School districts from all 50 states have suffered significant cyber incidents, from small and rural districts to the largest school districts in the nation,” the center notes.


Preventing K-12 ransomware attacks

The first steps in safeguarding school networks from ransomware attacks are the same as they are for protecting against other forms of cyber attacks: Keep all networked computer systems up to date with the latest security patches and educate both students and employees about cyber security best practices — including how to choose secure passwords and how to recognize potential phishing scams.

School systems also need robust defenses against ransomware attacks and other malware. ContentKeeper’s Cloud Filtering and Security Platform  provides one such defense.

A secure, cloud-based system that gives students the same protection and administrators the same comprehensive visibility and control whether students are learning inside or outside of school, regardless of what device or web browser they’re using, ContentKeeper can help protect against known and unknown forms of malware.

The system also can be configured to block IP addresses linking to unknown locations, and web domains that are new or very recent, which protects against newly emerging threats. In addition, ContentKeeper’s App Defender feature blocks more than 90 suspicious apps and protocols that are commonly used to circumvent web filters or surf the web or dark web anonymously. When students do this, they’re essentially poking a hole in your network that hackers can use to launch a ransomware attack or introduce other malware.

You can learn how ContentKeeper helps districts provide protection against ransomware here. And for more advice on how to prevent ransomware attacks, check out the K-12 Cybersecurity Center’s list of security resources.


About the Author: David Wigley Co-Founded ContentKeeper Technologies in 1997 and serves as its Chief Executive Officer. David has many years of experience in software engineering, sales and management within the Computer Security Industry.