Schools that haven’t already reopened this year will be reopening this week, which makes this a great time for ransomware gangs to strike. All school districts should be hypervigilant and make sure they have a rapid response plan and an emergency backup plan in place.
A number of school districts have already been reporting attacks in the past weeks. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a threat highlight for the education sector that noted, in part:
Within the last few weeks, publicly announced ransomware attacks sharply increased and included Cleveland City Schools in Tennessee, Clifton Public Schools, the Prince George’s County Public Schools – one of the largest US school districts with approximately 130,000 students in the Washington D.C. area – and the University of Michigan, just three weeks after the MOVEit data theft attack impacted Michigan State University.
Read the full NJCCIC threat highlight report. The Data Breach Times notes there have already been more school districts reporting attacks. Here are three more recent incidents:
The Carlisle Area School District in Pennsylvania shut down systems proactively while investigating a possible cyberattack. According to an email obtained by abc27 from the district, the school was notified by federal government officials that its internet system was infiltrated with ransomware.
Another Pennsylvania school district was also hit by ransomware. The Chambersburg Area School District closed school for three days as a result of the disruption to their systems. Rather than being forthright with parents and the community, the district would only refer to it as a “temporary network disruption” or “computer network issue.” Their reluctance to be more forthcoming frustrated parents.
Lawrence Public Schools in Massachusetts is trying to recover the $2.7 million dollars they paid to criminals posing as a vendor in a phishing attack. The incident was first reported in the Eagle-Tribune.