Ransomware on the Rise: How Cyber Attacks Threaten K-12 Schools

Written By: J. Lasswell
March 21, 2024

Schools are unprepared and underfunded to face this novel cyber threat.

Schools are easy targets for hackers. These cybercriminals, often operating from outside the US, have used their more sophisticated methods to exploit vulnerable school networks, as school districts often employ outdated, insecure software to house their data. This allows sensitive student and staff data, which can include addresses, Social Security numbers, and healthcare information, to be accessed and used as leverage against school leadership, extorting them for millions of dollars.

This surging cyber attack, called “ransomware”, targets organizations for their data, blackmailing them with the threat of releasing this sensitive information. The unknown lawsuits, liabilities and resulting costs of such an event are staggering compared with a one-time ransom payment, and school district leadership has historically opted for the latter. Just as a physical attack on school children takes an enormous emotional toll, these cybercriminals recognize the higher value we put on student information, and that this value can be extorted for even more money. School districts, whose budgets are famously stretched thin, cannot afford to leave this information unprotected.

In the last year, cyber attacks on school districts have doubled.

These attacks are not unique to schools; they also affect healthcare institutions, industrial facilities, and even our energy transportation infrastructure. New Zealand-based cybersecurity company Emsisoft estimates that these attacks result in the death of one person per month.

Four common cyber attacks target K-12 schools:

  • Phishing: Tricky emails or texts steal logins and data.
  • Ransomware: Hackers lock schools out of their data, demanding a ransom to unlock it.
  • DDoS Attacks: A flood of internet traffic overwhelms the school's network, shutting down online access.
  • Video Conferencing Disruptions: Intruders crash online classes or disrupt them with spam.

There are no clear collaborative channels to aid schools in resisting cyberattacks. Federal aid to K-12 cybersecurity is fragmented: while three federal agencies are responsible for assisting schools with these attacks, there's no clear coordination or way to measure the aid's effectiveness. A US Government Accountability Office study estimates that cyber attacks on schools cause up to three weeks of learning loss and nine months of recovery, on average. This leaves schools scrambling to navigate these attacks on their own, putting student information and education at risk. The study also found that the number of students affected by ransomware attacks jumped from 39 in 2018 to 1,196 in 2020.

With schools losing between $50,000 and $1,000,000 per ransom, many experts are pushing for a global ban on the payment of these ransoms as a long-term deterrent. While short-term solutions are being developed to address how these attackers are able to access these networks, experts in the cyberdefense space agree that there are two choices: halt ransom payments to end ransomware attacks, or suffer ongoing financial and human losses while seeking other solutions.

Allan Liska, a threat intelligence analyst at Recorded Future, recently said, “A ban on ransom payments will be painful and, if history is any guide, will likely lead to a short term increase in ransomware attacks, but it seems like this is the only solution that has a chance of long term success at this point. That is unfortunate, but it is the reality we face.”

This opinion is a departure from Liska’s statements last year regarding legislation prohibiting the payment of these ransoms. “I’ve resisted the idea of blanket bans on ransom payments for years, but I think that has to change. Ransomware is getting worse, not just in the number of attacks but in the aggressive nature of the attacks and the groups behind them,” Liska said.

Liska's stance against ransom payments gains weight from recent legislation: in 2022, both Florida and North Carolina banned the public sector from paying these ransoms, with NC additionally requiring all agencies to immediately notify the North Carolina Department of Information Technology (NCDIT) when an attack is imminent. This prohibition has produced promising results: a full year without cyber attack ransoms.

The surge in cybercrime and data ransom poses a significant concern for everyone, but schools stand out as particularly vulnerable targets. The potential compromise of student information, school data, and other valuable data assets, which can put students and teachers directly at risk, must not be understated or ignored. While there is optimism that banning ransom payments might deter hackers, recent years have highlighted the urgent need for a complete overhaul in our approach to data security.

Next week, we'll explore a cutting-edge data security solution, zero-trust architecture, aimed at safeguarding our clients' data at Drift Net. Stay tuned for more details on how we at Drift Net are addressing the totality of threats, from physical security to data security!