Ransomware Attack Forces Baltimore County Schools to Close

Critics say multiple red flags preceded the ransomware attack on the school district.

Baltimore – Baltimore County Public Schools (BCPS) reopened on Wednesday after being forced to close for three days due to a ransomware attack.

On November 28, the district, which is mostly conducting virtual classes due to the pandemic, announced that its schools would be closed Monday and Tuesday. The ransomware attack occurred two days before Thanksgiving, and BCPS officials described it as a “catastrophic attack on our technology system,” reports the Baltimore Sun.

During the shutdown, which affected all of its nearly 115,000 students, the district revised its platform. Additionally, students and staff with BCPS HP devices were required to check for ransomware. Devices will be replaced with Chromebooks.

Critics say multiple red flags preceded the attack. In May 2019, BCPS officials were warned that their networks were vulnerable, reports the Baltimore Brew. The technology journal Ars Technica used BCPS as a prime example of the vulnerabilities school district computer networks face. One expert told The Brew at that time that major parts of the district’s network were not properly configured or protected.

In response, the district applied a system patch that The Brew reported was the bare minimum needed to prevent an attack.

Additionally, on the day of the ransomware attack, Maryland’s Office of Legislative Audits released a report that found significant risks existed within BCPS’ computer network:

For example, monitoring of security activities over critical systems was not sufficient and its computer network was not properly secured. In this regard, publicly accessible servers were located in the BCPS internal network rather than being isolated in a separate protected network zone to minimize security risks.

Although the report was released on the day of the attack, The Brew opines BCPS probably knew about the vulnerabilities last spring.

Across the board, organizations are reporting a huge increase in phishing attempts, email-based malware attacks, email compromise, ransomware and more. Schools are particularly vulnerable, especially districts that are conducting virtual classes during the COVID-19 pandemic.

Online learning means school districts have experienced a proliferation of devices interacting on their networks, stretching existing security measures thin. Furthermore, home networks tend to be less secure and less frequently maintained than school networks.

Overall, the average cost of a data breach is $3.86 million.

Hackers have taken note.

About the Author

Robin Hattersley Gray

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.
