Many high-profile ransomware attacks, like last year’s assault on Colonial Pipeline by DarkSide, have focused on corporations. But the bad actors behind those digital assaults don’t limit themselves to the business world. They also appear to be targeting schools.
In 2021, 67 separate ransomware attacks impacted 954 schools and colleges, potentially affecting the data of more than 950,000 students, according to a study by security firm Comparitech. Demands of varying amounts—from $100,000 all the way up to $40 million—were made of the schools in order to regain control of their systems. Few schools reported whether they paid the ransoms, but at least one school paid $547,000, according to Comparitech. In all, the firm estimates, the incidents cost schools more than $3.5 billion in downtime.
The costs go even higher when data recovery, system upgrades, and costs to restore computers are folded in. Some schools were unable to recover.
Lincoln College, a private, predominantly Black university in Illinois that has been around for 157 years, closed permanently last month, citing cyberattacks and the pandemic as reasons. The school had record enrollment in 2019, but the pandemic impacted campus life and limited the school’s ability to raise money. Then, in December, a ransomware attack “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of fall 2022 enrollment projections,” the school said.
The systems required for recruitment, retention, and fundraising efforts were inoperable after the attack—and while the school paid the hackers a ransom fee, the system didn’t completely come back online until March of this year. By then it was too late. Significant enrollment shortfalls put the school in a hole it couldn’t get out of.
“Lincoln College has been serving students from across the globe for more than 157 years,” wrote David Gerlach, the college’s president, in a statement. “The loss of history, careers, and a community of students and alumni is immense.”
Gathering precise information on ransomware attacks is challenging. The Identity Theft Resource Center notes that reporting on data breaches is inconsistent at best. Of the 367 cyberattacks in the first quarter of 2022, nearly half lacked details about the cause of the breach (such as ransomware or phishing). Companies that pay ransoms are especially reluctant to report the breach.
Based on available data, Comparitech estimates there have been 270 separate ransomware attacks on educational institutions between January 2018 and mid-May 2022. That has a potential impact of more than 3 million students and nearly 4,300 schools and colleges.
Hackers have collected at least $2.64 million in ransom payments from schools in that time, with the average payment totaling $239,733. The company estimates the additional downtime costs for the attacks in that time frame, however, add up to nearly $20 billion.
California, New York, and Texas have seen the most attacks since 2018, with more than 20 each. Illinois had 13 reported and Pennsylvania saw 12.
Ransomware hit a peak in the education sector in 2019, when attacks jumped to 96 (from just 10 the year before). They’ve shrunk in number slightly since then, but attackers are focusing on school districts with bigger budgets, such as Broward County in Florida, where hackers demanded $40 million. (The school district offered $500,000 as a counter offer. The group behind the ransomware dropped their demand to $10 million, but ultimately dumped the school’s data—nearly 26,000 files—online.)
The good news is, that so far 2022 has been a relatively light year for ransomware attacks on schools—and those who are targeted are getting back online faster.
“While hackers may be becoming more targeted in their approach,” Comparitech wrote in its report, “the lower downtime figures suggest schools are more prepared for these attacks and are better able to restore their systems from backups or mitigate the effects of the attacks.”
Login to add comment
Other posts in this group
For well over a decade now, consumers have been used to new iPhones coming out in the fall, like clockwork. However, according to a series of reports, Apple may be planning to change its iPhone re
Booking travel has become a bit of a game—especially if you want to get the best possible prices and avoid getting ripped off.
That’s because hotels and airlines have developed the lovel
Uber is facing internal staff unrest as it attempts to implement a three-day-per-week return to office (RTO) mandate and stricter sabbatical eligibility.
An all-hands meeting late
A study has confirmed what we all suspected: “K” is officially the worst text you can send.
It might look harmless enough, but this single letter has the power to shut down a conversatio
SoundCloud is facing backlash after creators took to social media to complain upon discovering that the music-sharing platform uses uploaded music to train its AI systems.
According to S
The Trump administration on Thursday proposed a multibillion-dollar overhaul of a
