A ransomware attack shut down Baltimore County schools for several days in November 2020 and other prominent attacks have hit schools in Miami, Toledo and Huntsville. Schools are getting hit with a barrage of increasingly menacing ransomware attacks, worsening the damage to children’s education brought on by the pandemic and hurting their ability to cling for some sense of normalcy in the fall. It’s part of a surge in attacks by hackers demanding ransom payments that has halted operations at critical industries across the nation.
Schools are forced to face these attacks with poorer cyber defenses than the average private company and with far more vulnerabilities that hackers could manipulate and exploit. Schools that will still be operating at least partly remotely in the fall will be even more vulnerable because every remote student’s laptop is a potential entry point for hackers to worm their way in and infect an entire school’s network.
Before the pandemic, schools were already embracing technology more quickly than they were developing proper cybersecurity measures for it. That situation got far worse when schools shifted to remote and hybrid learning last year.
That gap in protections is often worse at schools with less funding and in lower-income districts that have less money to invest in cybersecurity. Ransomware groups may also target schools because they think they’ll be desperate to start classes again and more likely to pay a ransom without much pushback.
There’s no reliable data for how often schools pay ransom demands, though there are some high-profile cases in which hackers punished schools for refusing to pay. For example, hackers posted 26,000 files from the Broward County, Fla., school district online after it refused to pay a ransom.