- After officials from Des Moines Public Schools in Iowa noticed a cybersecurity incident on its network Monday morning, the 30,000-student district announced it would cancel classes for Tuesday and Wednesday.
- The district, Iowa’s largest, said it initially turned off all of its network systems “out of an abundance of caution” to resolve the incident. That included cutting off access to systems tied to transportation, building operations, health and safety, food and nutrition, finance, communications and others, according to the district.
- As of Tuesday night, there was still little information available about the nature of the cyber incident, with the matter still under investigation. However, the district said classes are expected to resume Thursday, and students will attend school that day with “an offline learning experience.”
Once again, another major school district is facing severe operational disruptions due to a cyberattack.
Though details of the Des Moines schools incident have not been released, ransomware attacks continue to plague large school districts.
In December, Little Rock School District in Arkansas approved a $250,000 settlement to end a ransomware incident and retrieve data stolen from the 21,200-student district. Los Angeles Unified School District, meanwhile, faced a huge and disruptive ransomware attack over Labor Day weekend.
Federal officials have warned districts in recent months about their vulnerabilities to ransomware attacks.
A November report from the Multi-State Information Sharing and Analysis Center found K-12 schools continue to be targeted for malicious cyberattacks. Schools are typically unprepared for such attacks, the report said, considering they spend just roughly 8%, on average, of their IT budget on cybersecurity.
Despite the federal sirens sounding off, little has changed in the number of schools affected.
Schools faced nearly the same number of cyberattacks in 2022 as in 2021, according to a year-end report by Emsisoft, an endpoint protection firm. Some 88 ransomware attacks hit schools and colleges in 2021 compared to 89 in 2022, Emsisoft said. It is in fact likely that those numbers are higher given not all incidents are publicly disclosed.