
A closer look at the ransomware problem

Most ransoms are not in the millions, but student data is getting stolen

Article written by Rob Cataldo, Managing Director, North America, Kaspersky

Heading into 2021, security researchers had predicted that the scourge of ransomware attacks against K–12 schools could continue to get worse. They were right. But there are signs of hope. 

Last month, President Biden directed the Cybersecurity and Infrastructure Security Agency to review the cybersecurity risks facing school districts and develop guidelines and resources to help them. 

The move came after an avalanche of ransomware attacks against schools across the country since the spring of 2020, right when internet-connected resources became crucial for educators. Attackers have locked up schools’ IT systems and demanded millions of dollars to release them, and in some cases leaked sensitive student data when the district didn’t pay. 

In May 2021, Kaspersky surveyed parents of school-age children in the United States and found that a startling 55% of them had experienced cyberattacks on their kids’ schools. This fall, we again surveyed parents for a closer look at ransomware attacks, finding that 9% of parents said their child’s school has suffered a ransomware attack during the child’s time at the school. 

The attacks came with a cost beyond just ransom payments. More than 60% of parents who reported an attack said their child had personal data stolen in the incident. Sadly, this was the outcome that surveyed parents had said they fear the most. It’s a serious privacy issue that can get overshadowed by the large ransoms sometimes paid to attackers. As with any data breach, students’ passwords and other personal info can end up for sale on the dark web and be used for future criminal activity. 

Graph: “As a result of the ransomware attack, did the school have to close, for any period of time?” No: 25%; 1 day: 25%; 2-4 days: 36%; 1 week: 14%.

The attacks also usually forced schools to close, if only for a relatively short period of time. Three in four victimized schools had to close for at least a day, and the average closure lasted 2.3 days, according to the surveyed parents. None of the respondents reported a closure of more than a week, and ultimately 80% of parents said they were happy with the school’s response to the situation. 

The financial damage tends to vary, although most schools appear to take some kind of hit. More than seven in 10 parents who reported attacks said their school paid a ransom in order to remedy the situation. The ransoms generally were not nightmarishly large, however. Less than 4% of those reporting attacks said the paid ransom, to their knowledge, was over $1 million, while the most commonly reported payments were $100,000 or less. 

A circle graph showing the amounts school districts paid ransom attackers.

But even for relatively small payoffs, the attacks will likely continue as long as schools remain vulnerable. So an important answer to the problem is in strengthening schools’ defenses on a larger scale. Many schools have already been working to educate staff, students, and parents about best security practices, and 80% of surveyed parents said their school has taken such steps. But the next step is for school systems to get an official set of standards to follow, as well as resources to help them get there. The CISA guidelines will hopefully mark a significant milestone in the fight against the ransomware problem. 

If your school is hit with a ransomware attack, we urge administrators to contact the FBI rather than paying the attackers. New decryptors are often made available on NoMoreRansom.org, which also has guidance for schools to mitigate risk. Administrators can also get support from the Multi-State Information Sharing and Analysis Center. If you’re a teacher and want to do your part to help ward off future attacks, take a look at this digital toolkit for educators.

Rob Cataldo is managing director, North America at Kaspersky, a global cybersecurity and digital privacy company.

Chalkbeat’s editorial staff had no role in writing or preparing this paid content. Learn about our sponsored content policy.