Criminal hackers have recently targeted U.S. school districts and will likely continue to escalate their attacks this school year, federal agencies warned Tuesday.
The alert — issued by the FBI, the Cybersecurity and Infrastructure Security Agency, and MS-ISAC, a nonprofit organization that shares cyber threats — warned that “attacks may increase as the 2022/2023 school year begins and criminal ransomware groups perceive opportunities for successful attacks.”
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk,” the group added.
The alert comes after the Los Angeles Unified School District, one of the largest school districts in the U.S., announced late Monday evening that it had been infected with ransomware. Hackers infected the district’s computer networks with malicious software, locking up files and demanding a ransom payment.
While classes in Los Angeles weren’t canceled, the attack caused a “significant disruption” to the school district and some of its services, the district announced.
Ransomware hackers often go after computer networks tied to essential services, especially if they’re not staffed with strong cybersecurity protections, making school districts a ripe target. In some cases, that leads to schools being closed with little notice, forcing parents to make emergency plans for how to watch their kids.
At least 26 U.S. school districts have been infected with ransomware so far in 2022, with seven of those incidents coming since the beginning of August, according to a tally maintained by Recorded Future, a cybersecurity company.
The Biden administration officially made ransomware a high-priority concern in May 2021, after hackers locked up computer networks belonging to Colonial Pipeline, leading to some gas shortages. Since then, there haven’t been any such high-profile ransomware attacks on energy infrastructure.
But ransomware attacks on school districts as well as health care facilities, which fall under the Department of Homeland Security’s definition of critical infrastructure, have continued, said Brett Callow, a ransomware analyst at Emsisoft, a company that specializes in responding to ransomware attacks.
“I suspect that actors may be avoiding the U.S. targets which they believe are likely to attract the attention of U.S. Cyber Command or put them in the crosshairs of U.S. law enforcement,” Callow said.
Ransomware attacks on schools also run the risk of giving hackers access to children’s personal information, the government warned.
“K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers,” the government alert said.
An NBC News investigation in 2021 found that ransomware groups had published sensitive personal data on American schoolchildren from more than 1,200 schools.