According to tech security company Abnormal Security, over the course of 2020 and 2021, there were 4,200 businesses or entities targeted by ransomware attacks. More than half of those attacks occurred in the U.S., with just five hacking groups carrying out half of all ransomware attacks. So far, the biggest targets of these attacks have been in the manufacturing industry, but recent attacks seem to reveal a new target for these hacking groups: public schools.
Public schools aren't required to disclose cyberattacks on their systems, so the data surrounding these incidents are somewhat limited. Schools are also reluctant to make public information that could reveal their cybersecurity weaknesses. However, experts say that the trend towards attacking school systems is clear.
"Pretty much any way that you cut it, incidents have both been growing more frequent and more significant," said Doug Levin, director of the K12 Security Information Exchange, a nonprofit helping schools protect themselves from cyber-attacks.
Levin's association has tracked more than 1,200 attacks on schools via the internet, with attacks ranging from accessing private video calls to ransomware and denial of service attacks, also known as DDoS attacks.
Cyberattacks on public schools have so far led to school closures as administrators try to regain access to the school's data. The data seized include things like emergency contacts, who is authorized to pick up which students, and other essential information for everyday functions.
"I didn't realize how important it was until I couldn't use it," Sarah Hager, a Cleveland Middle School art teacher, told reporters.
Another major target for hackers is education system software providers. Early this year, a hacker group targeted software supplier Finalsite, leading to interruptions for a wapping 5,000 schools at once.
The pandemic pushed many schools online, making them even more dependent on technology. Now, COVID-19 is compounding the difficulty of responding to ransomware attacks. The amount of money demanded in exchange for the return of data has increased, and schools already struggling to stay open are now being forced to close to address the cybersecurity risk.
Experts say that notoriously underfunded school systems also don't have much money to spare to protect themselves against cyberattacks, making them particularly vulnerable to hackers.
Even in cases where schools aren't forced to close entirely, ransomware attacks leave teachers without access to things like grades. In other cases, fire alarms have been hacked, forcing schools to cancel drills and possibly putting lives in danger. Hackers have also targeted some schools' ability to keep track of which students test positive for the coronavirus, meaning sick kids were "probably" on campus at these schools, according to Hager.
In 2021, the U.S. Federal Bureau of Investigation (FBI) warned colleges, schools, and seminaries about increased attacks from the hacker groups PYSA, short for "Protect Your System, Amigo". Also last year, hacker group Conti attempted to extort $40 million from one of the U.S.'s largest school systems, Broward County Public Schools in Florida.
While attacks on big systems like Broward might receive more media attention, cybersecurity experts say that most 2021 ransomware attacks targeted smaller districts. Experts say this could be because of the difference in these districts' cybersecurity budgets.
School districts may have notoriously poor cybersecurity, but the Biden administration hopes to change that with the recently introduced K-12 Cybersecurity Act. The Act calls on the federal security agency to advise schools on how to better protect themselves from these sorts of attacks.