Connect with us

Hi, what are you looking for?



K-12 Schools Improve Protection Against Online Attacks, but Many Are Vulnerable to Ransomware Gangs

Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations.

Some K-12 public schools are racing to improve protection against the threat of online attacks, but lax cybersecurity means thousands of others are vulnerable to ransomware gangs that can steal confidential data and disrupt operations.

Since a White House conference in August on ransomware threats, dozens of school districts have signed up for free cybersecurity services, and federal officials have hosted exercises with schools to help them learn how to better secure their networks, said Anne Neuberger, the Biden’s administration’s deputy national security advisor for cyber and emerging technology.

Neuberger said more districts need to take advantage of programs available that would better guard against online attackers who are increasingly targeting schools. Their aim is to lock up computer systems, and in some cases, steal and publish sensitive personal information if a ransom is not paid.

“Compromises happens again and again, often in the same way, and there are defenses to protect against it. And here the government has really brought companies together, brought agencies together to deploy some of those,” Neuberger said in an interview. “Don’t give up. Reach out and sign up. And your kids will be a lot safer online.”

The administration announced steps over the summer to help cash-strapped schools, which have been slow to build up cybersecurity defenses. Ransomware attackers, many of whom are based in Russia, have not only forced schools to temporarily close but have exposed a wealth of students’ private information.

Last month, parents sued the Clark County School District in Nevada, alleging a ransomware attack led to the release of highly sensitive information about teachers, students and their families in the country’s fifth largest school district. In another high-profile case this year, hackers broke into the Minneapolis Public Schools system and dumped sexual assault case records and other sensitive files online after the district refused to pay a $1 million ransom.

More than 9,000 small public school districts across the United States with up to 2,500 students — that’s roughly 70 percent of public districts in the country — are now eligible for free cybersecurity services from web security company Cloudflare through a new program called Project Cybersafe Schools, Neuberger said. Since August, roughly 140 districts in 32 states have signed up for the program, which provides free email security and other online threat protection, she said.

James Hatz, technology coordinator for Rush City Public Schools in Minnesota, said the program arrived just in time for their district, quickly stopping 100 suspicious emails from getting to staff. Hatz said cybercriminals often try to get teachers to click on malicious links by pretending to be an administrator sharing documents about things such as pay raises.

Advertisement. Scroll to continue reading.

“We are not going to be bulletproof, but the more we can do to make it harder, the better between user training, this program and everything else,” Hatz said.

Neuberger also said a $20 million grant program from Amazon Web Services that is designed to help schools improve their cybersecurity has received about 130 applications.

The Federal Communications Commission has also proposed a pilot program that would make up to $200 million available over three years to strengthen cyber defense in schools and libraries. Neuberger said the hope is that money will be available to schools in the “near future.”

But Doug Levin, director of the K12 Security Information eXchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risk, said he fears attacks against schools are going to continue to grow both in frequency and severity without more federal support and requirements that schools have baseline cybersecurity controls.

“Most have underfunded their IT functions. They do not have cybersecurity experts on staff. And they’re increasingly being viewed as as a soft target by cyber criminals,” Levin said. “So, ultimately I think the federal government is going to need to do more.”

Related: Ransomware Criminals Are Dumping Kids’ Private Files Online After School Hacks

Related: Ransomware Leads to Nantucket Public Schools Shutdown

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to and Exchange Online.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...


Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Microsoft and Mitre release Arsenal plugin to help cybersecurity professionals emulate attacks on machine learning (ML) systems.


Private equity giant plans to buy Forcepoint’s Global Governments and Critical Infrastructure (G2CI) business unit for $2.5 billion.