Eleven new U.S. school districts (comprised of 226 schools) have been compromised by ransomware since late October, says a report by Armor.

Since January 2019 to date, Armor has identified a total of 72 school districts and/or individual educational institutions that have publicly reported being a victim of  ransomware.  These attacks have potentially impacted 1,039 schools nationwide.

Of the 11 school districts hit in this last attack wave, only one has reported having paid the ransom, but did not disclose the sum (Port Neches-Groves), 3 reported having  refused to pay and seven have not revealed whether they have paid the ransom or not.

Armor has identified 269 publicly announced  ransomware victim organizations in the U.S. since January 1, 2019. Municipalities continue to lead the victim list at 82, followed by school districts and/or educational institutions at 72,  followed by 44 healthcare organizations and 18 Managed Service Providers (MSPs) and/or Cloud-Based Service Providers.

Education Ransomware Victims in 2018

According to the K-12 Cybersecurity Resource Center, K-12 schools experienced 119 cyber incidents in 2018. They attribute a total of  9.76 percent (approximately 11 schools) have been hit by ransomware.

According to Chris Hinkley, Armor’s Head of the Threat Resistance Unit (TRU) research team, schools  and municipalities continue to be very desirable targets for ransomware threat actors because these types of organizations host a lot of important, sensitive data, which is required for communities to function properly.  The cybercriminals also know that often these entities don’t have sufficient cybersecurity protections in place. “The attackers know that the services these organizations provide are critical to their communities, and they also know that schools and municipalities are typically more vulnerable to security attacks because of their limited budgets and lack of IT staff,” said Hinkley.  “This combination can give the threat actors a tremendous advantage over their victims because they know these entities cannot afford to shut down and are often more likely to pay the ransom.”

11 U.S. School Districts Identified as a Victim of Ransomware Since October 20

  • Wood County Schools, Parkersburg, West VA
  • Port Neches-Groves Independent School District, Port Neches, TX
  • Penn-Harris-Madison School Corporation, Mishawaka, IN
  • Livingston New Jersey School District, Livingston, NJ.
  • Chicopee Public Schools, Chicopee, MA
  • Claremont Unified School District, Claremont, CA
  • Sycamore School District 427, DeKalb, IL
  • Maine School Administrative District #6, Buxton, ME
  • Lincoln County, Brookhaven, MS
  • San Bernardino City Unified School District ,San Bernardino, CA
  • Las Cruces Public Schools, Las Cruces, NM