Ransomware attacks have disrupted operations at 49 US school districts and educational institutions, making the sector the second most popular for attackers after local government municipalities, according to Armor.
The cloud security vendor analyzed publicly reported attacks since January 2019 to better understand the scale of the threat facing the education industry.
It claimed that attacks may have compromised as many as 500 K-12 schools in the first nine months of 2019, versus just 11 last year.
In a little over a week in mid-September, nine new school districts and one college were hit, affecting around 100 K-12 schools, the firm said.
Crowder College, which reported an attack on September 11, claimed the ransom was a massive $1.6m, the first $1m+ demand since Monroe College in New York was hit with a $2m ransom note in July.
According to the school, there’s evidence that hackers had been inside the Crowder College IT systems since November last year. This would make sense if it was one of the five targets hit by Ryuk ransomware this year, as these infections are typically preceded by Emotet or Trickbot trojans, which often lay the groundwork for the ransomware.
Connecticut has the dubious honor of being the state with the most number of compromised school districts, with seven hit, covering 104 schools.
It’s unclear whether the rash of attacks over recent weeks was designed to cause maximum disruption during the busy back-to-school period.
“Educational institutions, municipalities and other organizations whose infrastructure is critical to their communities host a variety of data, most of which is sensitive,” said Chris Hinkley, head of threat resistance at Armor.
“Cyber-criminals know these organizations can’t afford to shut down, they are often using out-of-date hardware and software, and they have few security measures in place. This is a deadly combination in the case of a ransomware attack, which provides for a high sense of urgency and a high probability of large payments.”