- Malicious cyber actors are targeting K-12 schools to launch ransomware attacks, steal data and disrupt distance learning programs, federal officials said in a Joint Cybersecurity Advisory Thursday. The warning was coauthored by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center.
- Ransomware attacks increased since the beginning of the 2020 academic year, according to data from MS-ISAC. Attacks against K-12 schools during August and September made up 57% of reported ransomware incidents, compared with 28% of attacks between January and July.
- The federal agencies received numerous reports of ransomware attacks against school computer systems, which in some cases have left them unable to conduct distance learning programs. Cyber actors are viewing the schools as targets of opportunity and attacks are expected to continue through the 2020-2021 academic year.
The bulletin comes just weeks after schools in Baltimore and Huntsville, Alabama, were disrupted by ransomware attacks.
The five most common ransomware variants targeting the K-12 programs between January and September were Ryuk, Maze, Nefilim, AKO and Sodinokibi/REvil, based on open-source data, third-party analysis and information from victims.
ZeuS, a Trojan that targets Microsoft Windows systems, and Shlayer, a Trojan downloader and dropper for MacOS malware, are among the most prevalent malware types used against K-12 schools. Another method used to attack schools has been distributed denial of service (DDoS) attacks.
Numerous attacks since March have disrupted live-video conferencing sessions with pornographic or violent images, doxing or harassing teachers and students, according to the agencies. The FBI and CISA are recommending schools develop business continuity plans. Officials are urging schools to patch operating systems, change passwords often, use multifactor authentication and audit user accounts with administrative privileges.
The FBI is advising schools not to pay ransomware demands, as they do not guarantee the release of data files and may further embolden bad actors to commit additional attacks.