Over 500 US schools were hit by ransomware in 2019

Fifteen US school districts, accounting for 100 schools, were hit in the past two weeks alone.

Ransomware attacks on the rise against schools and colleges in the US Fifteen US school districts, accounting for 100 schools, were hit in the past two weeks alone.

In the first nine months of the year, ransomware infections have hit over 500 US schools, according to a report published last week by cyber-security firm Armor.

In total, the company said it found and tracked ransomware infections at 54 educational organizations like school districts and colleges, accounting for disruptions at over 500 schools.

To make matters worse, the attacks seem to have picked up in the last two weeks, with 15 school districts (accounting for over 100 K-12 schools) getting hit at the worst time possible -- in the first weeks of the new school year.

Of these 15 ransomware incidents, Armos said that five were caused by the Ryuk ransomware, one of today's most active ransomware strains/gangs.

Name
City State
Ava R-I School District Ava MO
Wallenpaupack Area School District Hawley PA
Mad River Local Schools Riverside OH
Papillion-La Vista Comm. Schools Papillion NE
Rockford Public Schools Rockford IL
Souderton Area School District Lansdale PA
Wakulla County School District Crawfordville FL
Jackson County School District Marianna FL
Wyoming Area School District
Exeter PA
Mobile County School District
Mobile
AL
Houston County Board of Education
Perry
GA
Guthrie Public Schools
Guthrie
OK
Smyth County Public Schools
Saint MArion
VA
Northshore School District
Bothell
WA

Overall, Connecticut saw ransomware infections hit seven school districts throughout 2019, making them the state whose educational institutions were compromised the most by ransomware attacks this year.

But while Connecticut saw the most ransomware infections targeting school districts, it was Louisiana who handled the attacks the best when, in July, Governor John Bel Edwards declared a state of emergency in response to a wave of ransomware infections that hit three school districts. The governer's actions rallied multiple state and private incident response teams together and helped impacted school districts recover before the new school year, without paying the hackers' ransom demand.

Unfortunately, the Armor report doesn't go into details of what districts paid the ransom demand and which did not, since not all this information is currently available.

However, based on currently available information we know that Crowder College of Neosho, Missouri, reported receiving the highest ransom demand among all school districts, with hackers requesting a whopping $1.6 million to provide the district with means to decrypt its systems.

Different report, different numbers, still huge

But the number of impacted educational institutions could be even much higher. A different report from antivirus maker Emsisoft, released today, claims to have identified 62 ransomware incidents that impacted US schools in 2019.

These 62 incidents took place at school districts and other educational establishments, and Emsisoft claims they impacted the operations of 1,051 individual schools, colleges, and universities, more than double the number reported by Armor.

But despite a difference in the number of impacted schools in the Armor and Emsisoft reports, both show a sudden spike in the targeting of US educational institutions with ransomware.

According to a report from the K-12 Cybersecurity Resource Center, of the 119 cyber-security incidents US K-12 schools experienced in 2018, only 11 were attributed to ransomware, just a fraction of the 54 and 62 ransomware incidents reported this year along by Armor and Emsisoft respectively.

The only government sector targeted by ransomware more than schools and colleges were local municipalities, which saw 68 ransomware incidents in the first nine months of 2019, according to Emsisoft.

The Emsisoft report includes additional statistics about ransomware attacks in 2019. The Armor report lists all the 54 educational institutions impacted by ransomware this year. Readers who'd like to keep track of recent ransomware attacks in the US can follow the Ransomware War interactive map for new infections.

Last week, the US Senate passed a bill named the DHS Cyber Hunt and Incident Response Teams Act, which would create incident response teams to help private and public entities defend against cyber-attacks, such as ransomware attacks. The bill previously passed the House floor and is expected to be signed into law by the President in the coming months.