Skip to Content

Cybersecurity & Standards, Equity in Civic Technology, Privacy & Data

Ransomware is Still Plaguing Schools: What Can They Do About It?

The number of cyberattacks against schools was on the rise before the onset of the 2020 pandemic, and the shift to remote learning forced by Covid-19 only exacerbated the problem due to schools’ increased reliance on technology and remote learning tools. Unfortunately, the trend shows no signs of abating. 

In particular, schools continue to face ransomware attacks, a form of malware where the attacker uses encryption to lock users out of their own systems and demands a ransom in exchange for the key to unlock the system. As schools have integrated technology more deeply into their operations, particularly during remote learning, these types of attacks have caused increasingly significant disruption, including by robbing students of valuable learning time. Even in those cases where districts are able to keep classes running, the time and money spent adjusting lesson plans to handle the loss of technology, investigating the cause of the breach, restoring systems, and performing other recovery tasks still pulls resources from other priorities.

While this news is distressing, schools aren’t completely powerless in the face of these attacks. Although cybersecurity is an evolving field with new attacks emerging all the time and no system can be 100% secure, schools can take steps to limit the likelihood that an attack will be successful, and limit the damage if an attack does slip through the net. 

First, robust data backups can take the wind out of the sails of a standard ransomware attack. Ransomware depends on the fact that locking users out of their systems will be so disruptive that it will be worth it to the victims to pay the ransom to get back on their feet. Robust data backups offer schools a way to restore their systems and get back up and running without needing the attacker’s assistance at all. An important part of maintaining backups is practicing the restoration process: rebuilding a system from scratch is a complex process, and schools will be better equipped to manage that process in an emergency if they have had a chance to practice and work out the kinks ahead of time.

In addition to backing up data and practicing restoring the system, schools should also adhere to standard cybersecurity practices like training staff on security, minimizing the data collected and stored, using multifactor authentication, and keeping software systems up to date. These foundational security steps can help schools prevent more complex ransomware attacks where the attackers also aim to steal data before locking up the school’s own copy of the data. Sometimes the ransom demand may include a promise to delete the stolen data, but it is impossible for schools to ensure the attacker has actually followed through on deletion, so schools are better off trying to minimize the likelihood of a successful attack, as well as minimizing the potential damage by not maintaining unnecessary data.

Unfortunately, cyberattacks against schools, and particularly ransomware attacks, don’t appear to be going away any time soon. Fortunately, schools can take steps to limit the success of such attacks, and minimize the damage should an attack succeed. For more information about ransomware and best practices, see CDT’s checklist for preparing for and responding to ransomware attacks.