Image: Paul Bersebach/Orange County Register via Getty Images
Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.
2021 has been the year of ransomware.
Some high profile ransomware attacks, like the Colonial Pipeline hack that halted distribution of gas on the East Coast of the U.S. or meat supplier JBS, have made national news and caught the attention of President Joe Biden.
But it is less often reported that, ransomware attacks have also ravaged U.S. schools. So far this year, almost 1,000 schools across the country have suffered from a ransomware attack, and in some cases had classes disrupted because of it, according to tallies by Emsisoft, a cybersecurity company that specializes in tracking and investigating ransomware attacks, and another cybersecurity firm Recorded Future.
Brett Callow, a researcher at Emsisoft shared the list with Motherboard. It includes 73 school districts, comprising 985 schools. Callow said that it’s very likely there’s some schools that are missing from the list, meaning the total number of victims is likely higher than 1,000.
The list includes schools such as the Mesquite Independent School District in Texas, which comprises 49 different schools; the Haverhill Public Schools in Massachusetts, which comprises 16 schools; and the Visalia Unified School District in California, which comprises 41 schools.
“There is a huge jump in ransomware attacks hitting schools starting in 2019 and that trend is accelerating,” Allan Liska, a researcher at cybersecurity firm Recorded Future who tracks ransomware, told Motherboard in an online chat.
There are, of course, some good stories. For example, when hackers hit the Affton School District in Missouri, the district had to cancel classes for a day out of precaution, but the hackers were not able to encrypt any critical computer or system, as the school was almost entirely running on Google’s cloud, according to Adam Jasisnki, the district’s head of IT.
“It didn’t really have a huge impact,” Jasinski told Motherboard.
Do you have more information about a ransomware incident or a ransomware gang? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email email@example.com
Callow said that despite the still huge number of victims, there are reasons to be hopeful.
“While school districts are falling victim to ransomware at the same rate as ever, it seems that fewer large districts are now being hit. And that could be cause for hope,” Callow told Motherboard in an email. “If larger districts have been able to up their security game, smaller districts can too. We just need to work out what shortcomings exist and ensure they have the resources to address those shortcomings.”
“The increased efforts by governments, law enforcement and private-public sector initiatives seem to be paying off and we’re seeing more wins. Cybercrime operations are being disrupted, and their revenue streams are being disrupted which, combined, alters the risk/reward ratio and will hopefully disincentivize attacks,” he added.
Yet, the numbers are hard to argue against. Schools are getting hit every other week, and 2021 was worse than 2020, according to Liska, who said that last year he and his company catalogued 56 ransomware attacks impacting almost 700 schools.
“The thing is, as bad as it is right now it will likely get worse before it gets better. While most ransomware attacks are not targeted there are two sectors that ransomware groups do seem to enjoy going after are healthcare and schools,” Liska said. “It seems like schools are basically proving ground for ransomware actors to test out their skills. Schools pay significantly less in average ransom than most sectors (when they pay, which is rare), so the ransomware groups are not going after schools for the money.”