Ransomware and the Severe Impact on K-12 Public Schools

Similar to most industries during the pandemic, K-12 public schools have been heavily targeted by threat actors with the shift to a remote operating environment. K-12 public schools are a $760 billion sector that serves more than 50 million students at over 100,000 schools across the United States.

School districts manage a wide set of IT infrastructure, software, and associated users, including students, faculty, and administration. Unfortunately, most do not have a dedicated cybersecurity team to handle security issues.

One of the most damaging security threats has been ransomware. In fact, the Buffalo, NY school board approved spending nearly $10 million on external IT consultants to help them respond to a ransomware attack it suffered to restore their data in March 2021. Certain states have regulations against public institutions from paying ransomware at all. In this case, the ransom was not paid, but the cost was extremely high regardless.

Typical ransomware demands made by threat actors against K-12 schools have ranged from $5,000 to $40 million, with an average payment of $268,000, according to Comparitech. This number has only gone up with current data across 2021-2022.

The Scourge of Ransomware

Source: State of Cybersecurity K-12 Year in Review, 2022 Annual Report by K12SIX

Between 2021 and 2022, 56% of K-12 education organizations were hit by ransomware, a nearly 25% increase from the previous year. Even with the return to in-person education, students are using a broader set of internet-connected devices at home and in school. Even worse is that home-networked devices can cross-infect school approved devices for home use, thereby infecting educational infrastructure and providing a gateway for a ransomware attack.

A Stronger Push for Increasing FCC E-Rate Funds for Cyber Security

The E-Rate, or Education Rate, is a U.S. Federal program that provides schools, libraries, and consortia funding services related to internet connectivity, access and basic network security per the Federal Communications Commission (FCC).

On September 14, 2022, the Los Angeles Unified School District sent a letter to the FCC to update the program to help K-12 schools bolster their cyber security posture. This has been an ongoing request by many schools and agencies over the last 12 to 18 months.

However, the Los Angeles Unified School District, one of the top two in the country, suffered a ransomware attack in September, that caused disruptions to critical systems and shut down access to more than half a million users, which prompted this latest request.

Limited Resources and Complexity Hamper K-12 Teams

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk” – the FBI, the Cybersecurity and Infrastructure Security Agency, and MS-ISAC.

While every enterprise and government sector has struggled to hire and maintain security talent, K-12 has especially struggled to build and/or maintain dedicated security resources. At least there has been increased, though inconsistent, emphasis on training for teachers on how to avoid phishing or ransomware scams. However, all it takes is one well-crafted email to trick someone into clicking a link.

As the cyber security market continues to evolve there is a lot of hype and promises that have been introduced making it difficult for security and certainly non-security practitioners to take the necessary steps to prevent a ransomware attack from successful detonation. In a nutshell, K-12 IT and Security Teams need to research and evaluate the most visionary SIEM and XDR solutions for:

  • Automatic collection, correlation and analyzing of infrastructure wide-data sources for indicators of compromise and reducing alerts
  • Advanced real-time threat detection based on a large set of included and constantly updated threat models and content
  • True adaptability to new attacks and variants by threat actor groups targeting K-12 specifically
  • Delivery of simple, direct, and accurate context for validating the attack and eliminating false positives
  • Generated risk-driven and scored responses with supported workflows and case management for accelerating remediation

Bottom line: K-12 organizations need more context, more automation, and faster answers to shut down ransomware before it can get a foothold.

To learn more about how Gurucul offers better capabilities and value with a simpler and more automated Next Generation SIEM, visit our Next Gen SIEM product page. We have the technology. Let us help!