The Tucson Unified School District in Arizona and Nantucket Public Schools in Massachusetts are the latest school districts to experience high-profile cyberattacks.
On Monday, Jan. 30, Tucson USD staff found a letter in their printers stating the district’s network had been compromised by the Royal strain of ransomware and its data had been encrypted and copied, KOLD News 13 reports. In a Thursday conference call, Superintendent Gabriel Trujillo said no evidence had been found to suggest personal or confidential information was stolen.
In Nantucket, a Jan. 31 ransomware attack resulted in students in the district’s five schools being sent home early as school-issued student and staff devices, as well as building security systems, were shut down, the Cape Cod Times reports. School resumed Thursday with the majority of district servers restored and students able to use school-issued Chromebooks, but educators still lacked access to tech devices and data.
The Tucson and Nantucket cyberattacks highlight the vulnerability school systems of all sizes face when it comes to ransomware. In such an attack, the perpetrator infiltrates the target’s network with malware that encrypts and locks sensitive data and systems until a ransom is paid.
In the 47,000-student Tucson USD, the district’s cybersecurity safeguards were in good standing when the attack occurred, Chief Technology & Operations Officer Blaine Young told KOLD News 13. Though Trujillo said no evidence had turned up of stolen or copied confidential, personal, employee or student data, he insisted the district wouldn’t hesitate to notify employees, parents, the media and the community if that changes.
The district hasn’t commented on the cost of restoring its network or on the ransom demand, according to KOLD News 13.
In the 1,700-student Nantucket Public Schools, officials were reportedly able to restore the district’s network without paying up.
Despite increased federal attention to cyberthreat prevention, a report from endpoint protection firm Emsisoft in January found schools fell victim to almost as many cyberattacks in 2022 as in 2021. The number of schools hit specifically by ransomware almost doubled year over year, hitting 1,981 for 2022.
The actual number of schools impacted by cyberattacks is often believed to be higher than what’s publicly disclosed. K-12 schools are a popular target for cyberattacks due to both the amount of sensitive personal data stored and an IT funding environment that hasn’t kept pace with staffing and resource needs for cybersecurity amid growing digitization.
Other recent high-profile K-12 ransomware targets have included the Los Angeles Unified School District, Iowa’s Des Moines Public Schools, and Arkansas’ Little Rock School District, the last of which ultimately paid a $250,000 ransom.
The FBI, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing Analysis Center discourage victims from paying ransoms as there’s no guarantee the files will actually be recovered.
Among the top cybersecurity recommendations of district IT officials are regular training sessions, use of multifactor authentication and data loss protection methods, best practices collaboration with peers in other districts, and cyber insurance. In Tucson USD, for instance, an insurance plan through Arizona Risk and Retention Trust is expected to cover the district’s costs to restore its network. District officials did not specify how much those costs will run.