author photo
By Bruce Sussman
Mon | Nov 30, 2020 | 12:55 PM PST

The Thanksgiving break is over, but more than 100,000 students in Baltimore County, Maryland, could not go back to school.

They are blocked from attending virtual classes because of a ransomware attack. And they already know they cannot attend school tomorrow.

As you will see, the attack has created confusion and frustration for parents, teachers, and even the district which is trying to communicate clearly in the midst of a cyber crisis.

Here is what we know about this latest school district ransomware attack.

Ransomware attack on Baltimore Schools: the start

The Teacher's Association of Baltimore County sent out an urgent message at 3:30 a.m. on November 25, alerting that the school district was under attack:

"Warning!! The BCPS system is infected with network issues. Leave your computer off and do not turn it on until we hear back from BCPS."

The district cancelled classes that day, and by 6:24 a.m. announced to staff and families via social media that the specific type of cyberattack was ransomware:

As the district's incident response continued deep into the Thanksgiving weekend, it announced it would need to cancel classes for at least two days following the school break:


Confusion and fear for parents and teachers follow ransomware attack

A ransomware attack against any organization can be devastating. But what happens when it essentially cuts off communication and services with your 100,000+ customers who need all kinds of different things from you?

The Baltimore County Public Schools (BCPS) ransomware attack is illustrating exactly what that looks like. Here are a few examples our SecureWorld team found while reading through comments on the district's Facebook page.

In some cases, parents wonder aloud about conferences they had scheduled with their student's teachers:


And for many college bound students, the impacts of the ransomware attack are being felt during a most important event—the college application deadline:



That last comment crosses the line from fear to frustration. And now some parents are second guessing whether the district did enough to prevent an attack in the first place.


Teachers sensed the frustration of parents, too, and pleaded for understanding that they also are caught in the middle here.


Schools an increasing target of ransomware attacks

SecureWorld News has reported before on the notable increase in significant ransomware attacks against school districts. 

Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic, says the threat landscape has shifted along with the education landscape:

"This year we have seen many schools accelerate to online learning due to the pandemic and home schooling which means that many schools have become heavily dependent on technology to keep running.

At a time when schools are returning from Thanksgiving, and preparing to ramp up learning for the last few weeks before Christmas, 115,000 students are now in limbo, not knowing whether or not their data has been stolen or lost.  Right now, it is not known exactly which systems are affected and if any data has been completely lost such as students' class work."

And while the students, teachers, and parents wait for the answers to these questions following the attack, the school district says its teams are working as quickly as possible.

The latest update includes a simple note from Superintendent Darryl Williams:

"Dear Team BCPS, We appreciate your patience and understanding as we work through the ransomware cyber attack crisis."

And this is how it looks and sounds when a ransomware attack cuts you off from more than 100,000 of the stakeholders you serve.

[RELATED: Baltimore, $18 Million Later: 'This Is Why We Didn't Pay the Ransom']