Lessons Learned from the Baltimore County Public Schools Ransomware Attack

School districts across the country are no strangers to crises. BC (before COVID), districts’ crisis preparedness was necessarily focused on school shootings, which steadily rose over the last decade. Today, with millions of children across the world homebound by COVID and forced to learn online, school districts are now facing an onslaught of cyberattacks.

Districts of all sizes need to be aware that their entire IT is a very enticing target to international cyber criminals. With increased student use of computers, publicly available information showing the amounts of taxpayer money in school districts’ reserve funds, under-staffed IT systems with inadequate backups and safeguards, districts have become more vulnerable than ever before. The Wall St. Journal reports that in the US alone, 36 ransomware attacks have been mounted against school districts, large and small, since March.

Many of these districts paid anywhere between $25,000 to $250,000 to recover (maybe) their data. Sometimes paying the criminals costs less than the alternative, that is, not paying and taking weeks to try and (perhaps) rebuild their servers while having to delay kids’ already short-changed educations.

Clark County School District (CCSD) in Las Vegas, the fifth largest school district in the U.S. with about 320,00 students, recently suffered a ransomware attack. But this attack, and others like it, shows how the enemy’s tactics lately have gotten even nastier. As an added inducement for CCSD to pay, the hackers threatened that the district’s sensitive information — teachers’ social security numbers, students’ grades, etc.—would be publicly posted.

When Clark County District refused to pay the ransom, its data became irretrievable and the attackers followed up on their so-called leak ware threat by posting the district’s sensitive data on a dark website. Now, personally alerting individuals whose private information was exposed added a headache on top of the district’s need to restore its files manually. As well, school officials must respond appropriately to parents justifiably fearful about their children’s safety and privacy.

There were other recent ransomware attacks against Baltimore County Public Schools, Fairfax County Public Schools (the nation’s eleventh largest public school district), and the Toledo school district. Even much smaller districts have been attacked.

It is clearly urgent for public school districts, private schools, colleges, and universities, all of which are being targeted, to be prepared to respond quickly and effectively to cyberattacks.  Whether it’s ransomware, leak ware or any other ware out there (and there are many), a digitized, interactive cyberattack response plan that works in lockstep with IT needs to be readily accessible on each response team member’s mobile device. The ability to communicate and coordinate resources tightly and independently of a school’s compromised IT network is essential.

Groupdolists’ mobile app enables instant mobilization of school district response teams. It delivers immediate access to crisis plans and crisis management tools. All forms of intra-team communications, implementation, and tracking of team members’ crisis response activities, as well as automatic documentation of their actions, are at the team’s fingertips.

School districts can sign up for a Groupdolists Education Quick Start offer now with a specially reduced price of $9,999.