500+ Schools Have Been Affected by Ransomware in 2019

A new report found in the past two weeks, 15 school districts made up of over 100 K-12 schools have been hit by ransomware attacks. Universities are also being targeted.
Published: October 4, 2019

A new report shows more than 500 schools have been hit with ransomware in the first nine months of 2019.

The report, published last week by cybersecurity firm Armor, found and tracked ransomware infections at 54 educational institutions, including school districts and universities, reports ZDNet.

In the past two weeks alone, 15 school districts comprised of over 100 K-12 schools have been hit. Of the 15 incidents, five were caused by the Ryuk ransomware, one of the most active ransomware strains today.

Overall, Connecticut was the most compromised state in 2019 with ransomware hitting seven school districts. Crowder College in Neosho, Mo., is believed to have received the highest ransomware demanding $1.6 million to provide the district with means to decrypt its systems.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

Below is a list from Armor’s report of districts affected in the past two weeks. The full list can be found here.

  • Ava R-I School District – Ava, Mo.
  • Wallenpaupack Area School District – Hawley, Penn.
  • Mad River Local Schools – Riverside, Ohio
  • Papillion-La Vista Comm. Schools – Papillion, Neb.
  • Rockford Public Schools – Rockford, Ill.
  • Souderton Area School District – Lansdale, Penn.
  • Wakulla County School District – Crawfordville, Fla.
  • Jackson County School District – Marianna, Fla.
  • Wyoming Area School District – Exeter, Penn.
  • Mobile County School District – Mobile, Ala.
  • Houston County Board of Education – Perry, Ga.
  • Guthrie Public Schools – Guthrie, Okla.
  • Smyth County Public Schools – Saint Marion, Va.
  • Northshore School District – Bothell, Wash.

Similar reports have found an even higher number of impacted educational institutions, including a report from antivirus maker Emsisoft claiming to have identified 62 incidents affecting 1,051 schools and colleges.

While there may be a significant difference in these reports numbers, both have shown a sudden spike in targeting U.S. schools. In 2018, a report from the K-12 Cybersecurity Resource Center found only 11 of the 119 cybersecurity incidents were ransomware. 

According to the Emsisoft report, the only government sector targeted by ransomware more than schools were local municipalities, which saw 68 ransomware incidents in the first nine months of the year. Hospitals also saw a total of 491 attacks.

The report also provides some trends it has seen develop so far this year, including:

  1. Attacks through managed service providers (MSPs) are on the rise
  2. Cyber insurance is becoming more popular, making insured entities more likely to pay demands which result in ransomware being more profitable
  3. Ransom demands are getting bigger, partly attributed to the increase in cyber insurance
  4. Email and attachments continue to be the attack vectors of choice

To stop the frequency in ransomware, the report authors recommend improved coordination and communication channels between the private sector and law enforcement agencies to ensure impacted entities are aware of the availability of potential solutions and workarounds which may minimize recovery cost.

Posted in: News

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series