Cybercriminals strike schools amid pandemic
Just days before the Aug. 3 scheduled start of school, officials at the Athens Independent School District in East Texas received a shock.
Cybercriminals had attacked the district’s entire computer network, encrypting all the data and demanding $50,000 in ransom for its release. Access to everything from teacher communications to student assignments was blocked.
“It was terribly disruptive, to put it mildly,” said Toni Clay, the district’s spokesperson. “We no longer had access to any student information, such as schedules, email addresses, anything that would be stored. Internally, we had no staff information. It was all frozen.”
The plan had been to begin school online for three weeks and then transition to a hybrid model of both virtual and in-person classes. Instead, officials ended up delaying the start of school completely for a week.
Athens is one of at least 16 school districts, from California to New Jersey, that have been victimized in a rash of ransomware attacks since the end of July.
Some have been forced to push back school reopening dates. Others that already started school have had to cancel classes for a day or more.
The attacks have placed a heavy burden on school administrators as they grapple with whether it’s safe for students and teachers to return in person and whether schools are prepared to handle social distancing and other requirements.
School information technology staffs, meanwhile, have been consumed with the transition to virtual learning, making districts even more vulnerable to hackers, experts say.
“School district IT shops were supporting the network and the remote environment and software upgrades and training. They were overwhelmed by requests for help in ways they had never seen before,” said Alan Shark, executive director of the Public Technology Institute, a Washington, D.C.-based nonprofit that provides professional development and consulting services to local government IT executives.
“People’s attention spans at the security end probably got dissipated trying to put out all these fires,” he said. “There were so many calls to answer.”
At the Athens district, Clay said IT staffers were stretched thin adapting to the new teaching and learning environment.
“Our IT departments are having to do 100 things and get that done yesterday. New software, issuing new devices, installing cameras, helping out families and staff having trouble getting the technology to work for them,” she said. “That already is a tremendous amount of strain on the infrastructure of a school district. It makes us targets for people who care nothing at all about the impact this type of destruction has on our communities.”
And as schools reopen for in-person classes, laptops taken home by students, teachers and administrators are being reconnected to school networks, which could make it easier for criminals to introduce malware, said Doug Levin, a cybersecurity expert who runs EdTech Strategies, an Arlington, Virginia-based education and technology consulting firm.
Before COVID-19, ransomware attacks on school districts already were spiking, according to Levin. Ransomware hijacks computer systems and holds them hostage until their victims pay a ransom or restore the system on their own.
In 2019, there were at least 62 such cases, compared with 11 the previous year, said Levin, who created the K-12 Cybersecurity Research Center, which tracks and posts publicly disclosed cyber incidents in public school districts.
“Cybercriminals have been getting more savvy about how to target school districts,” he said. “And they understand that school opening is a high-stress, high-leverage point for them to attack. You are trying to enroll students, sign up for your PTA, coordinate bus schedules.”
Among some of the recent attacks:
- Haywood County Schools in North Carolina were closed for several days in late August. Students have been getting instruction remotely since then.
- Ponca City Public Schools in Oklahoma delayed school reopening from Aug. 19 to Aug. 24 after they were struck.
- King George County Schools in Virginia had to cancel virtual classes and close school buildings to the public Sept. 3 until classes resumed after Labor Day.
- Hartford Public Schools in Connecticut postponed the first day of school on Sept. 8, both virtually and in person, after the city was hit by an attack that affected multiple school district systems, including one used to communicate transportation routes for buses.
Just last week, Newhall School District in Valencia, California, had to put its classes, which have been 100% virtual, on hold for the day after a ransomware attack.
For now, the students — all in elementary school — don’t have access to their teachers online so they’re doing classroom activities at home using paper and pencils, said Jeff Pelzel, the district superintendent.
“With COVID, we don’t have the luxury of saying, ‘We want to bring you back in and teach you live right now.’ And if you sit home with paper and pencil, you’re not moving learning forward because you’re not in touch with the teacher,” he said. “It’s another layer of frustration for teachers, administrators, parents and students.”
For years, cybercriminals who launched ransomware attacks typically encrypted data and demanded ransom, usually in bitcoin, a cryptocurrency, in exchange for a decryption key. They didn’t access the data or make it public.