69传媒

Privacy & Security

69传媒 Are a Top Target of Ransomware Attacks, and It鈥檚 Getting Worse

By Lauraine Langreo 鈥 August 17, 2023 3 min read
Conceptual illustration of computer with a pixelated lock on screen.
  • Save to favorites
  • Print
Email Copy URL

Ransomware and other cyberattacks on K-12 schools are increasing, especially as districts lean further into technology use for teaching, learning, and other school operations.

Eighty percent of school IT professionals reported that their schools were hit by ransomware in the last year, according to between January and March. That鈥檚 up from 56 percent from the 2022 survey.

School IT professionals were also more likely to report that they鈥檝e experienced ransomware attacks than IT professionals from other industries, according to the survey, which included responses from 200 IT professionals from the K-12 sector.

鈥淕iven the resource challenges facing schools, we鈥檝e accumulated a lot of sort of technical debt that is going to make better defending school communities from these threats a challenging endeavor,鈥 said Doug Levin, the national director of the K12 Security Information Exchange, a nonprofit focused on helping K-12 schools prevent cyberattacks.

In a ransomware attack, cybercriminals break into a district or school鈥檚 network and take data and encrypt it, preventing the district from accessing the data. Attackers will decrypt and return the data if the district or its insurance company pays a ransom. Attackers typically threaten to release student and employee data to the public if they aren鈥檛 paid.

For instance, after a ransomware attack on Los Angeles Unified last year, hackers published highly sensitive mental health records of current and former students. And after a breach at Minneapolis Public 69传媒 in March, a cyber gang published files detailing campus rape cases, child abuse inquiries, student mental health crises, and suspension reports, .

Guidance from the FBI and the federal Cybersecurity and Infrastructure Security Agency discourages paying the ransom because it doesn鈥檛 guarantee that the data will be decrypted or that the systems will no longer be compromised. Paying the cyber criminals also encourages hackers to target more victims.

See Also

Special Report Cybersecurity
Getty

But the question of whether or not to pay ransom does not always have a simple answer, especially for school districts that have to ensure continuity of operations, according to experts. Due to insufficient cybersecurity resources, districts sometimes have to pay ransom fees to get their systems back because starting from scratch would be more expensive.

The loss of learning time after a cyberattack ranges from three days to three weeks, and recovery time from the attack can take anywhere from two to nine months, according to . School districts have also lost between $50,000 and $1 million per cyberattack, the report found.

This is 鈥榓 systemwide issue鈥

While there are many strategies individual school districts can use to protect against cyberattacks, Levin said there needs to be a collective effort to protect all schools from these incidents.

鈥淲e do need a much more robust dialogue and conversation about these sorts of incidents,鈥 Levin said, 鈥渁nd really treat the issue as if an attack on one school district is an attack on all school districts. We really need to view this as a systemwide issue, where we need to work together to learn from each other and defend collectively against these threats.鈥

School districts and ed-tech vendors need to come together and agree on what the cybersecurity measures should be and where the responsibility lies, Levin said. These measures should be mandated by policymakers, with investment in resources included so districts can take the steps they need to protect their communities.

See Also

Illustration of cloud computing and lock.
iStock / Getty Images Plus

The White House and the U.S. Department of Education earlier this month announced the launch of a 鈥済overnment coordinating council鈥 that will facilitate formal collaboration among all levels of government and school districts to help strengthen schools鈥 cybersecurity.

The federal initiative 鈥渞aises the visibility on these issues,鈥 Levin said, but it鈥檚 still based on 鈥渧oluntary improvement鈥 from school districts instead of formal rules, so there鈥檚 鈥渁 tremendous amount of work still to be done.鈥

鈥淲e鈥檙e going to need to see much more robust and directive guidance from the U.S. Department of Education and the federal government, as well as dedicated resources to implement that guidance,鈥 he said.

Some state legislatures are ramping up efforts to strengthen K-12 schools鈥 cyber defenses. to protect school districts from major cyberattacks, and in grants to address school districts鈥 cybersecurity needs earlier this year.

See Also

Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus
Privacy & Security Explainer School Cyberattacks, Explained
Alyson Klein, February 11, 2022
12 min read

Related Tags:

Events

School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Harnessing AI to Address Chronic Absenteeism in 69传媒
Learn how AI can help your district improve student attendance and boost academic outcomes.
Content provided by 
School & District Management Webinar EdMarketer Quick Hit: What鈥檚 Trending among K-12 Leaders?
What issues are keeping K-12 leaders up at night? Join us for EdMarketer Quick Hit: What鈥檚 Trending among K-12 Leaders?

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide 鈥 elementary, middle, high school and more.
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.

Read Next

Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/Education Week via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For 69传媒 And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by 
Privacy & Security What 69传媒 Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+
Privacy & Security Civil Rights Groups Seek Federal Funding Ban on AI-Powered Surveillance Tools
In a letter to the U.S. Department of Education, the coalition argued these tools could violate students' civil rights.
4 min read
Illustration of human silhouette and facial recognition.
DigitalVision Vectors / Getty