Technology has done wonders for the educational sector. Advancements have made learning, teaching, and sharing resources a lot easier. Schools can now store academic records, student files, and teaching material more efficiently.
However, these enhanced environments have also made schools more vulnerable to cyber-attacks. This was the case for the Minneapolis Public School district that exposed children’s private files after a ransomware attack breached its systems.
Ransomware Attacks on Schools Leave Children’s Private Files Exposed
In early March 2023, Minneapolis Public Schools revealed that its network was infected with an encryption virus that led the district to cancel all after-school activities. School officials sent a letter to parents claiming that an "unauthorized threat actor" may have accessed data in the system.
Three weeks later, the school district notified parents that the data stolen in the breach was released onto the dark web. Ransomware group Medusa claimed responsibility for the attack on the school and released a video with information – setting a ransom at US$ 1 million.
In July, the Associated Press learned that the data dumped onto the dark web was “raw, intimate, and graphic.” The publication found out that the files leaked describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.
After Minneapolis Public Schools refused to pay the US$ 1 million ransom, 300,000 private student files were exposed. This included the complete sexual assault case folios, medical records, discrimination complaints, Social Security numbers, and the contact information of district employees.
Individual victims were not notified of the breach even months after the cyber-attack. No federal laws exist to require this notification from schools. The Associated Press reached out to the families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.
Parents of the Minneapolis students say that the children feel doubly victimized. A student in one leaked file begged that somebody “please do something,” while recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.
Schools Cyber Attacks: A Growing Problem
According to CBS, state officials of Minnesota say that schools and universities were the targets of at least 78 cyber-attacks in 2022. In the same year, ransomware attacks on US schools and colleges cost an estimated US$ 9.45 billion.
Schools are meant to be fortresses of guidance and learning. These spaces are supposed to be safe for children to express and discover themselves. Unfortunately, as more schools lean into digital transformation, the risk of vulnerability skyrockets.
More schools are now becoming a target for ransomware attacks. In 2022, the Los Angeles Unified School District was the victim of a ransomware attack as well. The second largest school district in the US had data leaked onto the dark web after refusing to pay a ransom.
The district said that “public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.” In January of the same year, an Albuquerque public school system was also forced to close for two days after a cyber-attack affected systems.
For most schools, the recovery from a cyber-attack can be overbearing. The costs of restoring computers, recovering data, and investing in cybersecurity can be too much for overburdened and underfunded schools.
The Covid-19 pandemic also played a large role in the vulnerability of schools. In 2022, Lincoln College in Central Illinois had to shut its doors after financial strain from the pandemic to push toward better technology for remote learning.
A cyber-attack on the school in 2021 had also “thwarted admissions activities and hindered access to all institutional data,” creating an unclear picture of 2022 enrolment projections.
According to another study, ransomware attacks targeting K–12 schools worldwide last year grew at a rate of 827% over 2021. These are schools that combine kindergarten up to 12th grade. The report also stated that encrypted attacks or malware over HTTPs rose by 411% in the education sector.
An advisory released by the US government warned about a ransomware group called “Vice Society” that emerged in 2021 and had been “disproportionately targeting the education sector with ransomware attacks.”
The same advisory also suggested that K-12 schools “may be seen as particularly lucrative targets” because of the sensitive student data stored on school systems or through third-party tech companies.
Why Are Schools Being Targeted by Ransomware Attacks?
Ransomware attacks on schools have become a growing issue now. There are a few reasons why hackers might choose to target schools in particular though:
- Advanced Technology: While the use of technology is necessary for the educational sector, this does open the floodgates to cyber-attacks on schools. As more files and endpoints are introduced into a network, it becomes more vulnerable.
- Funds Readily Available: Unlike businesses, schools will always have a steady supply of income from taxes. This makes them the ideal target for ransomware attackers looking to score.
- Lack of Cybersecurity: As mentioned before, most schools simply do not have the proper cybersecurity measures in place to defend against a sophisticated cyber-attack. IT infrastructure isn’t always a priority when it comes to funding.
- Accessibility: After the pandemic, remote learning and teaching were a saving grace for lockdown situations. Students, parents, and teachers all found new ways to access web portals and networks from different devices. While this has been convenient, it also increased the surface attack area for cyber-attacks.
- Pressure from Parents: While the official advice from the FBI is to never pay the ransom, when it comes to children, there is a significant amount of pressure on schools to simply oblige to ransom demands.
Staying Prepared for Cyber-Attacks on Schools
When cyber-attacks against schools take place, they affect generations of future minds. To stay ahead of the increasing attacks, there are measures that schools can take to prevent school hacks. A few of these steps include:
- Regular monitoring of systems for malware, viruses, and more. Using advanced antivirus solutions ensures a clean network.
- Segregation of services offered. This will ensure that a cyber-attack does not affect the entire network at once. Limiting access also limits the risk involved.
- Never pay the ransom. This will open the gates for more cyber-attacks and shows hackers that you’re a soft target. Rely on cybersecurity experts to decrypt your data instead.
- Regular training for all employees. Human error is a leading cause of most cyber-attacks. Ensure that all teachers and employees follow strict cyber hygiene protocols.
- Keep all systems and software updated.
- Lock out previous employees with access to the system.
- Move data to the cloud. Cloud infrastructure is secure, affordable, and much more reliable.
- Invest in proactive cybersecurity measures. While defending your network is important, schools should look for cybersecurity that actively finds threats and mitigates them before damage can be done.
- Use a robust cybersecurity provider that caters to your needs.
Sangfor Technologies is a leading cybersecurity and cloud infrastructure provider that makes use of intelligent, proactive, and efficient products and platforms to ensure the best protection for your network.
Sangfor understands that the educational sector is particularly vulnerable and works to ensure that schools are safe from cyber-attacks and ineffective infrastructure.
Don’t just take our word for it, read about how Sangfor’s products have already succeeded in providing elite cybersecurity and infrastructure to schools and universities:
- The Pelita Harapan University has made use of Sangfor’s Internet Access Gateway (IAG) solution to improve user experience and manage network traffic effectively. This ensures secure internet access for all students.
- The Systems Technology Institute made use of the Sangfor Next Generation Firewall (NGFW) to provide comprehensive protection – combining proactive vulnerability scanning and advanced persistent threat protection.
- The Sripatum University used Sangfor’s Endpoint Secure platform in combination with the Next-Generation Firewall to protect the university from ransomware, backdoor attacks, and trojan horses.
Sangfor goes the extra mile to ensure that schools and universities are prepared against cyber-attacks. For more information, please contact us.