In the first nine months of the year, ransomware infections have hit over 500 US schools, according to a report published last week by cyber-security firm Armor.
In total, the company said it found and tracked ransomware infections at 54 educational organizations like school districts and colleges, accounting for disruptions at over 500 schools.
To make matters worse, the attacks seem to have picked up in the last two weeks, with 15 school districts (accounting for over 100 K-12 schools) getting hit at the worst time possible -- in the first weeks of the new school year.
Of these 15 ransomware incidents, Armos said that five were caused by the Ryuk ransomware, one of today's most active ransomware strains/gangs.
| Name||City|| State|
|Ava R-I School District||Ava||MO|
|Wallenpaupack Area School District||Hawley||PA|
|Mad River Local Schools||Riverside||OH|
|Papillion-La Vista Comm. Schools||Papillion||NE|
|Rockford Public Schools||Rockford||IL|
|Souderton Area School District||Lansdale||PA|
|Wakulla County School District||Crawfordville||FL|
|Jackson County School District||Marianna||FL|
| Wyoming Area School District||Exeter|| PA|
| Mobile County School District|| Mobile|| AL|
| Houston County Board of Education|| Perry|| GA|
| Guthrie Public Schools|| Guthrie|| OK|
| Smyth County Public Schools|| Saint MArion|| VA|
| Northshore School District|| Bothell|| WA|
Overall, Connecticut saw ransomware infections hit seven school districts throughout 2019, making them the state whose educational institutions were compromised the most by ransomware attacks this year.
But while Connecticut saw the most ransomware infections targeting school districts, it was Louisiana who handled the attacks the best when, in July, Governor John Bel Edwards declared a state of emergency in response to a wave of ransomware infections that hit three school districts. The governer's actions rallied multiple state and private incident response teams together and helped impacted school districts recover before the new school year, without paying the hackers' ransom demand.
Unfortunately, the Armor report doesn't go into details of what districts paid the ransom demand and which did not, since not all this information is currently available.
However, based on currently available information we know that Crowder College of Neosho, Missouri, reported receiving the highest ransom demand among all school districts, with hackers requesting a whopping $1.6 million to provide the district with means to decrypt its systems.
Different report, different numbers, still huge
But the number of impacted educational institutions could be even much higher. A different report from antivirus maker Emsisoft, released today, claims to have identified 62 ransomware incidents that impacted US schools in 2019.
These 62 incidents took place at school districts and other educational establishments, and Emsisoft claims they impacted the operations of 1,051 individual schools, colleges, and universities, more than double the number reported by Armor.
But despite a difference in the number of impacted schools in the Armor and Emsisoft reports, both show a sudden spike in the targeting of US educational institutions with ransomware.
According to a report from the K-12 Cybersecurity Resource Center, of the 119 cyber-security incidents US K-12 schools experienced in 2018, only 11 were attributed to ransomware, just a fraction of the 54 and 62 ransomware incidents reported this year along by Armor and Emsisoft respectively.
The only government sector targeted by ransomware more than schools and colleges were local municipalities, which saw 68 ransomware incidents in the first nine months of 2019, according to Emsisoft.
The Emsisoft report includes additional statistics about ransomware attacks in 2019. The Armor report lists all the 54 educational institutions impacted by ransomware this year. Readers who'd like to keep track of recent ransomware attacks in the US can follow the Ransomware War interactive map for new infections.
Last week, the US Senate passed a bill named the DHS Cyber Hunt and Incident Response Teams Act, which would create incident response teams to help private and public entities defend against cyber-attacks, such as ransomware attacks. The bill previously passed the House floor and is expected to be signed into law by the President in the coming months.