Ransomware attacks show continued rise in K-12 schools

Schools paying higher ransoms and seeing longer closures, according to survey of parents

More parents report experiencing ransomware attacks on their children’s schools, according to new data from Kaspersky. This year, 14 percent of American parents experienced ransomware attacks on their children’s K-12 schools while their child was a student, an increase from 9 percent last year.

Among schools that paid a ransom to their attackers, parents reported an average ransom of $887,360. In 2021, the average was just $375,311. The Ransomware Attacks on K-12 Schools report revealed a number of other findings related to parents’ experiences with these incidents.

In October 2022, Kaspersky surveyed 2,000 parents of school-age children in the United States to find out about their experiences with ransomware attacks on schools. The results are compared to a previous report that posed the same questions to a similar group of parents in October 2021, as well as to an earlier report in June 2021 asking parents more generally about cyberattacks on schools.

According to the survey results, a growing number of schools are opting to pay a ransom to their attackers in order to restore their systems. In October 2021, 71% of parents who had experienced an attack said their school paid a ransom. This time, that figure rose to 76%, while 14% said their school didn’t pay, about the same as last time, and a shrinking percentage didn’t know. Ten percent of parents reporting an attack said the district paid a ransom of more than $1 million, up from 3.7% in 2021.

The rate of attacks on schools may still be rising. Forty-four percent of parents who have experienced an attack said it happened either last summer (2022) or during this school year – which is only partway over – compared to 42% who said it happened last school year (2021-2022) or the previous summer (2021). Fifteen percent said it happened during the 2020-2021 school year or earlier.

In better news, 32% of parents who experienced an attack said their child’s data was not compromised. This was up from 25% in October 2021. A slightly smaller percentage of parents reporting an attack said their child’s data was compromised (60% in 2022; down from 61% in 2021), while a lower percentage of parents said they didn’t know whether it was compromised or not (8%, down from 14%).

82% of parents who experienced attacks said their school was forced to close for at least 1 day as a result, up from 75% in October 2021. The average closure was 2.5 days, up slightly from 2.3 days reported last year. Thirty-two percent of affected parents said they were notified by the school immediately, which was a slight drop from 34% in the June 2021 survey.

Ransomware-school attacks 2021 vs. 2022; Ransom sizes in 2022

“This fall, cybercriminals continued to attack vulnerable schools in an effort not only to get ransom money, but also to steal students’ and teachers’ Social Security numbers, banking information, and even medical histories,” said Kurt Baumgartner, principal security researcher at Kaspersky. “It is, however, encouraging to see that a shrinking number of students appear to be getting their data stolen. We urge school administrators to build on this success by employing some basic security mechanisms, such as multi-factor authentication, regular software updates and to train staff and students to spot phishing attacks. No one should ever pay a ransom, which continues to perpetuate the problem.”

Among parents who experienced an attack, 82% said they were satisfied with their school’s response to the attack, up from 80% in October 2021, while 81% of all parents said they are confident in their school’s ability to successfully handle cybersecurity incidents in the future. In June 2021, only 68% said they think their school was somewhat or very prepared for an attack.

For their part, 69% of all responding parents said they talk at least regularly with their child about practicing good security hygiene, such as using strong passwords, down from 75% in June 2021.

The full report, Ransomware attacks on K-12 schools, is available here.

In order to protect against ransomware attacks, Kaspersky recommends:

  • Keep software updated on all the devices you use. This prevents attackers from exploiting vulnerabilities and infiltrating your network in the first place.  
  • Set up offline backups and make sure you can access them quickly when needed or in an emergency.
  • School IT administrators should focus their defense strategy on detecting lateral movement and data exfiltration to the internet, paying special attention to outgoing traffic to detect cybercriminals’ connections to the network.
  • Parents, students and teachers should protect their personal devices with a cybersecurity product, such as Kaspersky, which offers real-time malware protection that stops ransomware and other attacks.

This press release originally appeared online.

Laura Ascione