Schools and Universities Become Prime Targets of Ransomware Attacks

Peyton Feldman, Writer


Ever since last spring, when the threat of COVID-19 pushed many school administrators, teachers, and students online, cyberattacks and ransomware targeting schools have spiked and hit record highs. Schools and educators make easy targets to exploit since they lack training on how to deal with attacks, and school funding for cyberattack protection is modest. According to CBS, school administrators are the most likely to be trained in cybersecurity, but districts lack the budget to also train them, and very few schools have a cybersecurity insurance plan.

Schools also make appealing targets because they are rich in sensitive data and provide critical public services. The fact that “students and staff [are] reliant on the network being available, means that many victims of ransomware attacks in higher education will consider paying a ransom demand of hundreds of thousands of dollars in bitcoin in order to restore the network as quickly as possible,” ZDNet states.

Hackers use tactics against schools such as showing up uninvited to a video conference, using a student’s name to trick teachers into allowing them into the session. They then verbally harass students and teachers, display pornographic or violent content, and engage in doxing.

Social engineering methods are also applied in other forms of cyberattack. For instance, phishing manipulates the target, most likely a teacher, faculty member, IT staff member or another victim involved with online distance learning, to “reveal personal information (e.g., password or bank account information) or performing a task (e.g., clicking on a link),” according to the FBI.

Exposed Remote Desktop Protocol (RDP) ports are the prime way cyber actors “gain initial access to a network and, often, to manually deploy ransomware.” By attacking these network ports, they can “escalate privileges, access and exfiltrate sensitive information, harvest credentials, or deploy a wide variety of malware.” This strategy has recently become a popular attack vector because it lets cyber actors use a legitimate network service, giving them the same access as a typical remote user while maintaining a low profile.

When hijacking information from a server, hackers also tend to disable the victims’ end-of-life software so victims can’t receive security notifications, bug fixes or technical support, hurting the operational capacity of a school or any other organization.

Several schools have been victims of cyberattacks and ransomware, including the Newhall School District in the Santa Clarita Valley in Southern California, which was hit in mid-September. Jeff Pelzel, the district’s superintendent, dodged a bullet after the entire district was locked up and offline for eight days. Pelzel and his IT department made the decision for IT managers to disable the systems and transition to in-person learning. CBS News stated, “Pelzel is calling for federal and state leaders to crack down on cybercriminals targeting schools and to provide funding for schools to harden their cyber infrastructure.”


To protect schools against cyberattacks and ransomware, I’d recommend checking out page 5 of…

Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data

Ransomware: Sharp rise in attacks against universities as learning goes online | ZDNet 

Schools have become the leading targets of ransomware attacks – CBS News