During an early morning staff call, instructors at a middle school in New Mexico's largest city got their first idea of a major technology problem.
There were shout-outs for a new custodian's hard work on the video, as well as the usual announcements from administrators and the union rep. However, there were clues of a looming crisis throughout the conversation. Nobody had access to attendance data, and no one had access to class rosters or grades.
The outage, which prevented access to the district's student database, which also includes emergency contacts and listings of which people are authorized to pick up which children, was subsequently verified by Albuquerque administrators to be the result of a ransomware attack.
Sarah Hager, an art teacher at Cleveland Middle School, stated, “I didn't understand how crucial it was until I couldn't use it.”
Cyberattacks like the one that forced Albuquerque's largest school district to suspend classes for two days have become a growing menace to American schools, with many high-profile occurrences documented since last year. And the coronavirus outbreak has exacerbated the problem: more money is being demanded, and more schools are being forced to close as they try to recover data or delete all laptops manually.
“Incidents have been increasing in frequency and severity in pretty much any way you cut it,” said Doug Levin, head of the K12 Security Information Exchange, a Virginia-based charity that helps schools guard against cybersecurity risk.
Because most schools are not compelled to publicly report cyberattacks, precise data is difficult to come by. Experts claim, however, that public school systems, which generally have inadequate finances for cybersecurity expertise, have become an attractive target for ransomware gangs.
The pandemic has also caused schools to shift more toward virtual learning, increasing their reliance on technology and rendering them more exposed to cyber-extortion. Schools in Baltimore County and Miami-Dade County, as well as schools in New Jersey, Wisconsin, and others, have had their instruction disrupted.
Since 2016, Levin's organization has recorded over 1,200 cyber security incidents at public school districts across the country. There were 209 ransomware attacks, in which hackers encrypt data and demand payment to decrypt it; 53 “denial of service” attacks, in which attackers sabotage or slow a network by faking server requests; 156 “Zoombombing” incidents, in which an unauthorized person intrudes on a video call; and more than 110 phishing attacks, in which a user is duped into letting a hacker into their network by a deceptive
Schools are also dealing with a slew of other issues relating to the epidemic as a result of the recent attacks. When teachers become ill, there are no substitutes available. Where strong virus testing methods exist, tests and staff to administer them are not always available.
In New York City, a cyberattack last month on third-party software vendor Illuminate Education did not result in class cancellations, but it did prevent instructors from accessing grades across the city. The disruption, according to local media, contributed to the stress of educators who were already combining lessons with implementing COVID-19 regulations and covering for sick or quarantined colleagues.
Getting all kids and employees online during the pandemic, according to Albuquerque Superintendent Scott Elder, opened more ways for hackers to get access to the district's system. He highlighted this as a factor in the ransomware attack on Jan. 12 that resulted in the cancellation of lessons for 75,000 students.
The cancellations, which Elder dubbed “cyber snow days,” offered technicians a five-day window over the holiday weekend to reset the databases.
To avoid exposing more flaws in their security systems, many schools seek to keep attacks under wraps or share minimal information.
“It's extremely difficult for school districts to learn from one another because they're not supposed to talk about it because you might disclose weaknesses,” Elder explained.
Last year, the FBI issued a warning about a group known as PYSA, or “Protect Your System, Amigo,” claiming that the group's attacks on schools, colleges, and seminaries had increased. Conti, one of the nation's top ransomware gangs, requested $40 million from Broward County Public Schools last year.
Ransomware gangs tended to target smaller school districts in 2021 than in 2020, according to Brett Callow, a threat analyst at the firm Emsisoft. While attacks on larger districts garner more headlines, ransomware gangs tended to target smaller school districts in 2021 than in 2020, according to Brett Callow, a threat analyst at the firm Emsisoft. He believes this indicates that larger districts are boosting their cybersecurity spending, while smaller districts, which have less money, remain vulnerable.