School districts increasingly are becoming a major target of malicious cyberattacks, leaving both the federal government and state governments scrambling to find ways to fight back, The Hill reports.
Recent cyberattacks on school districts in Louisiana, Virginia, and Oklahoma have highlighted the threat. Louisiana Gov. John Bel Edwards declared a statewide emergency last month in response to ransomware attacks on three school districts, and authorized state resources to help the districts.
Last week in Oklahoma, Broken Arrow Public Schools were also targeted by a ransomware attack, in which an attacker encrypts the system and demands payment to unlock it. School Superintendent Janet Dunlop said the district had experienced “network and server issues which are believed to be caused by criminal actors attempting to disrupt the operations of our district.”
In Spotsylvania County, Va., the school district revealed this week that both it and the county government were the victims of email scams. The investigation has been turned over to the Virginia State Police. School officials apparently fell for an email scam and paid $600,000 to a cyber scammer, thinking they were paying a contractor for a new football field.
While school districts may not seem to be the obvious target for hackers in comparison to governments or essential services, Doug Levin, the founder and president of EdTech Strategies, a consulting firm, said they are easy targets due to outdated systems and the fact that they handle large amounts of money.
“They are a soft target, for those that are doing not-very-sophisticated attacks … looking to ransom people and steal data, they are just scanning the internet for easy targets and outdated systems,” Levin said. EdTech Strategies runs the K-12 Cybersecurity Resource Center, which says there have been 533 cyber incidents involving school districts since 2016.