American officials warned Thursday that hackers are targeting K-12 schools in a new wave of cyberattacks that is disrupting distance learning even as coronavirus cases spike across the country.
The F.B.I. and the cybersecurity division of Homeland Security issued a joint advisory warning of a new wave of ransomware and so-called DDoS, or distributed denial of service, attacks on K-12 schools that are slowing or disrupting student and teacher access to distance learning.
Some of the hackers behind the ransomware, officials said, held school data hostage or threatened to leak confidential student data if a payment was not made.
Over the past month, the attacks have taken more than a hundred schools in Baltimore offline. They have also hit dozens of schools in Texas and Alabama, as well as a handful of schools in Georgia and Ohio, according to public reports collected by Emsisoft, a security firm.
More than half of all ransomware attacks reported to a multistate analysis center in August and September involved attacks on K-12 schools, officials said.
“Schools have always been targets because there is a high likelihood they’ll pay a modest ransom to get their data back,” said Alex Holden, the chief executive at Hold Security, which specializes in cybercrime.
The F.B.I. has advised ransomware victims not to pay, but some schools are ignoring that advice.
Officials in Yazoo County, Miss., recently revealed that they had paid $300,000 to recover data from a ransomware attack last October. In July, officials in Athens, Texas, paid $50,000 to keep their data from being published online.
Cybersecurity experts say K-12 schools are particularly vulnerable, given that younger children are not as well versed in password management and in not clicking on phishing emails.
Many school districts have worked with FireEye, the security firm, which has offered school districts in Texas and elsewhere access to their security tools through the end of 2020. But earlier this week, FireEye revealed that its systems had been penetrated by nation-state hackers that appeared to be Russian.