It's a chicken or the egg matter: If online classes are taken offline in a largely remote environment, how does class continue? Short answer: it doesn't.
Ransomware attacks have hit the education sector especially hard in the post-COVID world. With education already experiencing disruptions, ransomware is crippling the abilities for students to learn even further, causing numerous interruptions.
Just a few of the effects of ransomware include online classes and school networks being shut down, a hefty ransom leaving staff scrambling to decide whether to pay, and the dangers of thousands of students' and faculty's sensitive information falling into the wrong hands.
And as CISA warned, one school's IT staff worked overtime on the holiday weekend to resolve a cyberattack.
Butler County Community College (BC3), located in Butler, Pennsylvania, announced it was a victim of ransomware.
The malicious attack leaves students' personal data vulnerable and resulted in online classes and campus shutting down the Monday and Tuesday after the holiday weekend.
Ransomware hits Butler County Community College
BC3's IT security noticed something did not seem right on November 24th. After looking closer into the incident, staff believed the attack may have originated a few days earlier, right before the start of the weekend.
"After investigating, the attack was thought to have originated Nov. 19. On that date, BC3's information technology division notified the college community that it needed to perform critical maintenance on several college servers.
A regional cybersecurity firm is assisting the college in its ongoing restoration of information," an official blog post noted.
The information security department worked over the holiday weekend to resolve the problem, according to BC3's Vice President for Administration and Finance, James Hrabosky.
In addition to sending out several alerts to students and staff, BC3 also announced the cyberattack on social media.
BC3 cancelled all remote and online courses on Nov. 28 and 29 to perform maintenance on the systems and equipment affected by the attack.
In-person courses had been previously scheduled to take place online, but now students who attend classes on campus may also be impacted.
Education sector continues to be a top target for ransomware
Sadly, what BC3 experienced is no longer a unique situation educational institutions, ranging from elementary school to college, are facing.
Representative Elissa Slotkin, D-Mich., recently provided the opening statement at a committee meeting, A Whole-of-Government Approach to Combatting Ransomware: Examining the DHS's Role.
In her statement, Slotkin discussed how ransomware had negatively impacted her district, which illustrates the growing issue throughout the United States.
"I would just note that our schools, our K through 12 schools, are the places where I've been hearing constant concern from our superintendents, because they've been particularly hard hit. We have 43 school districts in Michigan that have been hit by ransomware attacks, obviously deeply disruptive on top of a very disruptive year.
And we know that Michigan State University, I represent our universities, have been paying ransoms to get back the data of the personal information affecting over 9,000 students. So, it's not going away anytime soon. We know that it's extremely profitable. And we know that Secretary [Alejandro] Mayorkas [DHS] and Director [Christopher] Wray [FBI] and countless others have made this a national security priority."
The United States government has been prioritizing ransomware response due to the skyrocketing number of cyberattacks. In previous joint statements across U.S. agencies such as CISA, DHS, and FBI, the public has been advised not to pay a ransom.
The Biden Administration introduced The K-12 Cybersecurity Act earlier this year to help grade schools implement a risk mitigation policy, as well as pledging nearly $2 billion towards implementing cybersecurity law in the Infrastructure Investment and Jobs Act.
If you are part of an educational organization and you have yet to develop a ransomware response plan, there are many resources available at cisa.gov/stopransomware.
School ransomware attacks continue to climb
Cybersecurity professionals are increasingly experiencing cybersecurity burnout, but it does not look like ransomware will slow down in 2022.
SecureWorld News has covered a slew of ransomware attacks that have victimized schools in this past year alone, and many cybercriminals take action over the holidays.
- A Baltimore, Maryland school experienced a similar situation over the holiday break, which caused frustration for students, parents, and teachers alike.
- Elementary school students who attended Toledo Elementary School in Ohio began getting notices from auto loan companies.
- Howard University, based in Washington, D.C., was hit by a malicious cyberattack over the Labor Day weekend.
Heading into the holiday season, be sure to prepare for the possibility of cyberattacks while staff are out of the office.
Consider this, as well: Read The Holiday Hacker Case Study.
Resources
SecureWorld has several Remote Sessions webcasts planned on the topic of risk mitigation for ransomware attacks. Learn more by visiting the webcasts page for opportunities to better prepare your organization and to earn CPE credits.
