“Read a book!” Hall told the kids in her class, trying to think of educational activities on the spot as she quickly logged off.
While incidents like the Colonial Pipeline ransomware attack and the Kaseya attack received international attention, schools and universities have also been targets of cybercriminals.
Experts interviewed by CalMatters — including researchers, cybersecurity companies, IT employees and the FBI — all agree the number of cyberattacks has increased during the pandemic. Many believe the number of attacks on the education sector has also increased, but it’s an area so new to cybercrime that there’s virtually no comprehensive data on it.
California schools, colleges and universities have scrambled to adjust. In the past five years, more than two dozen California school systems have been targeted, from Rialto Unified School District in San Bernardino to Stanford University’s School of Medicine.
Prior to the ransomware attack last September, Newhall had implemented what experts consider commonsense security measures like internal firewalls to prevent malicious software from affecting entire systems. A few times a year, the IT department even sent students and employees fake “phishing” emails — deceptive emails enticing users to click on malicious links or reveal sensitive information — to see if they would click on suspicious links that could compromise their networks.
But none of these efforts stopped cybercriminals from attacking the district’s computer systems and leaving over 6,000 elementary school students and teachers without normal school for a week.
“When we heard that it was ransomware, it was almost like, ‘Are we in a movie?’ Like, what in the world?” Hall said.
How Ransomware Attacks Work
Ransomware attacks use a specific type of malicious software to encrypt files on computers connected to the internet, essentially locking out organizations from accessing their files. The cybercriminals then demand a ransom to decrypt the files.
Sometimes, these attacks are “double-pronged,” meaning the criminals will threaten to sell (or when there’s potential for blackmail, release) sensitive information in order to provide an extra incentive for fast payment. Coveware, a well-known Connecticut-based ransomware recovery firm, found that 77% of ransomware attacks threatened to leak data in the first quarter of 2021.
Emsisoft, a New Zealand-based software company, expects these data theft attacks to double in 2021, with cybercriminals finding more ways to make stolen data useful in extracting a ransom.
The FBI’s Internet Crime Complaint Center, which tracks complaints of cybercrimes (not just ransomware), said it received 791,790 complaints in 2020, a 165% increase from 2016. The complaints only reflect crimes reported to the FBI, so the actual number in any given year is larger.
And as COVID-19 forced many organizations, from schools to huge corporations, to move even more of their systems online, cybercrime increased, said Ronald Manuel, a supervisor on the FBI’s Los Angeles cyber task force.
Schools and universities confronted an unprecedented increase in attacks.
In 2020, cybercriminal attacks affected at least 1,681 schools and universities across the country, according to research by Emsisoft. In 2019, only 89 were attacked with ransomware, although over 1,000 more were potentially affected. These numbers represent a minimum of ransomware attacks, Emsisoft said — there are no federal reporting requirements.
Seculore Solutions, a software company based in Maryland, has recorded 122 cyberattacks in California across the public safety, government, medical and education sectors since 2016. At least 26 of those cyberattacks have targeted California school districts, colleges and universities, including the University of California, Sierra College, College of the Desert and Visalia Unified School District.
If the data on cyberattacks seems sketchy and incomplete, that’s because it is. Nick Merrill, a cybersecurity researcher at UC Berkeley, said he doesn’t know of an archive for cyberattacks in California. “But if you find one, please let me know,” he wrote in an email to CalMatters.
While it’s ultimately a mystery how ransomware crews pick their specific targets, the education sector is vulnerable for a few reasons, according to multiple experts. Tight budgets prevent schools from having the resources to stop cyberattacks. Unique characteristics — like an open WiFi network — make schools particularly vulnerable. And they are also dependent on their online systems: They wouldn’t be able to function without grading systems or other file-sharing software.