The frequency and severity of ransomware attacks against schools have increased since the declaration of the global coronavirus pandemic, The Wall Street Journal reports.
Ransomware is when a hacker gains access to a computer system and encrypts the data in the computer’s files—jumbling it up so the data can only be read with a secret key. On occasion, the hacker finds a way to steal the data in the files before encrypting them.
In any case, hackers promise to provide the owner of the computer system the secret key after a “ransom” is paid in bitcoin to release the data back to the owner of the computer system. The ransom amounts vary widely—the University of California, San Francisco, paid a $1.14 million ransom in June—but once paid, hackers have most often responded with the key. The Journal reported districts have received the key 97 percent of the time they have paid the ransom.
The most common method hackers use to gain access to computer systems is by a “phishing” attack, where they send emails to people who work on the computer system and hope they click on a link in the email, which then downloads and activates executable code that either tricks the user into revealing passwords or goes around the system’s security.
Public school districts, unfortunately, are somewhat more vulnerable to ransomware attacks, because they often don’t employ cybersecurity experts who are trained to safeguard their computer systems. They are more attractive targets for hackers because school computer systems have lots of valuable data on them.
In many places, a student’s Social Security number substitutes for an ID. With that and a student’s birthday, their identity can be stolen even 10 or more years in the future. In addition, school data systems often store information about students with special needs, which can sometimes be embarrassing to students or their families if it is released.
When hackers held computer systems at Ohio’s Toledo Public Schools hostage in October, hackers put student information on their website, including “the identities of an eighth-grader listed as emotionally disturbed, a ninth-grader suspended for sexual activity, and a roster of foster children,” the Journal noted.
In September, hackers broke into Clark County’s school data system in Nevada. The school district, which serves more than 300,000 students around Las Vegas, refused to pay the ransom and later found that hackers had published student grades, employee Social Security numbers, and other sensitive data on the dark Web.
“A big difference between this school year and last school year is they didn’t steal data, and this year they do,” the Journal quoted Brett Callow, a threat analyst for cybersecurity company Emsisoft, as saying. “If there’s no payment, they publish that stolen data online, and that has happened to multiple districts.”
In addition to the attacks becoming more severe in that sensitive data is often posted on the dark Web if payment isn’t made, the FBI also noted that the frequency of attacks has increased during the pandemic, as hackers exploit the fact that many more people are working at home and schools are relying more on e-learning.