Cybersecurity Snapshots #25 - Schools and Universities Targeted by Hackers During Pandemic

Cybersecurity Snapshots #25 -

Schools and Universities Targeted by Hackers During Pandemic

According to researchers, ransomware attacks hit schools and colleges harder than any other industry during the first year of the pandemic. Malicious actors look for easy targets, and education institutions often struggle to find enough skilled workers to defend their growing IT needs. For K-12 schools particularly, a lack of adequate funding also limits their ability to defend themselves properly against threats. In 2020 researchers found that including the costs of downtime, repairs, and lost opportunities, the average ransomware attack cost educational institutions $2.73 million. That is 48% higher than the global average across all sectors. Ransomware attacks alone impacted 1,681 U.S. schools, colleges, and universities in 2020. From November 23 to December 23, 2021, educational organizations were the target of over 8.3 million malware attacks, or almost 69% of all such attacks recorded by Microsoft in those 30 days. At the moment, there is no sign that education organizations will be targeted less in the year to come.



In March 2020, the Sheldon Independent School District in Texas, which is home to 10,000 students, experienced a ransomware attack and paid nearly $207,000 in ransom after hackers locked officials out of critical software systems, blocking access to emails, important staff data, and security cameras. In September 2020, Newcastle University in Tyne, England, had its systems breached by the DoppelPaymer ransomware gang, exposing the data of staff and students. Also in September 2020, Clark County, a Las Vegas, Nevada school district serving 320,000 students, became the largest school district to fall victim to a ransomware attack since the beginning of the COVID-19 pandemic. In October 2020, a ransomware attack occurred against Las Cruces, a public school system in New Mexico, which shut down computers and networks across the district. The school district's IT teams reportedly reacted quickly, shutting down all computers immediately after detecting the attack to evaluate the extent of the damage and develop a remediation plan. In November 2020, schools in Baltimore County, Maryland, were hit with a ransomware attack that forced the district to cancel remote classes for its 115,000 students for a couple of days. The attack affected the district's websites and remote learning programs, as well as its grading and email systems. A public school district in Mississippi's capital city is implementing new cybersecurity measures after a ransomware attack affected its servers last year. Since the February 2020 attack, Jackson Public Schools has implemented a cyber-education program for employees and a new anti-virus and malware protection program. The school district also installed a multi-factor authentication system for key employees and improved network infrastructure and security.



Significant ransomware attacks also affected schools in 2021. The University of California (UC) fell victim to a ransomware attack, where an unauthorized individual copied and transferred UC files by exploiting a vulnerability in Accellion's file transfer service. The stolen information included names, birthdates, social security numbers, and bank account information. Stanford University School of Medicine was also breached because of adversaries exploiting a vulnerability in Accellion's file transfer service. A ransomware attack affected Howard University, which left its systems down for a couple of days. The school did not pay the ransom demanded by the adversaries and discovered that no personal information was exposed during the incident.



Matt Donahue, a compliance and risk analyst at technology solutions and IT services provider SentientDigital, said that the issue is becoming so common because many schools are unable to install strong enough security measures. Donahue noted that, in the future, schools should be maintaining encrypted backups of all data and regularly testing their usage. He noted that they should also be stored offline because cybercriminals will look for and delete backup information. He also said that schools would not need to pay ransoms if the data remains in their hands. Donahue also said schools should develop cyber response plans, regularly train staff in the procedures, and conduct drills to ensure a smooth response in a real attack. Doing this will help identify the most critical threats so leaders can put resources there first. Donahue also stated that schools need to know that the best way to prevent ransomware attacks is by being prepared ahead of time. Since researchers believe that the number of ransomware attacks on schools and universities will keep increasing in the future, schools and universities must take cybersecurity seriously, and implement proper precautions to help defend themselves against cyberattacks.