Reading, Writing, and Ransomware: School Cyber Attacks Are On The Rise

Tiara Williams
October 4, 2021
Cyber Security Threats For School Districts

After a bumpy start to the 2020 - 2021 school year, Park Hill School District was finally ready to open its doors to allow full-time attendance for its almost 12,000 students.  The district adopted a hybrid model during the height of Covid-19. Students were divided into groups and would alternate being in-person and online, giving the custodial staff time to clean the facilities and allowing for social distancing with the reduced number of students on campus.  Fast forward to March of 2021, the school district announced that they were ready to fill up classrooms again.  


Then it happened.  Park Hill officials confirmed that a ransomware attack had caused a major system outage that forced the district to cancel classes on what would have been the first day back and went unresolved for another day after that.  Park Hill’s computer system froze, officials discovered several encrypted files in the system, and the attackers demanded that the district pay a ransom.  Derrick Unruh, Director of Technology for Park Hill, said that ransomware likely got into the system when a student or staff member clicked an infected link in an email or website, which compromised their username and password.


Sadly, this is not an isolated incident.  2020 was a record-breaking year for cyber attacks against schools, according to the K-12 Security Information Exchange, a nonprofit that tracks such incidents.  Administrators, teachers, parents, and students had to endure a staggering 408 attacks nationwide in 2020.  However, that number is believed to be on the low side because many attacks go unreported. Almost 40 percent of those attacks included data breaches and leaks, while 12 percent included ransomware.

K - 12 Cyber Incident Types

So why the spike in school cyber attacks?  Here are some key factors:

  • Identity Theft.  This one is obvious.  Schools are privy to a lot of personal information: medical records, social security numbers, and family contacts, to name a few.  But thieves are not just targeting adults.  The personal data of children can be even more valuable because it could be several years before parents of an elementary school student look at their credit report and realize there is an issue.  That is a lot of time to do a lot of damage to a child’s identity.
  • Remote Learning.  With all the division in the country right now, there is one thing we can all agree on:  2020 was a challenging year for parents and students.  Covid-19 left schools nationwide scrambling to provide continuing education in the face of a global pandemic.  Remote learning allowed teachers to interact with their students safely and give them an outlet to get homework help or just hang out with their classmates.  However, as districts became more dependent on technology, they also became more vulnerable to cyber threats.
  • Bond Payments. In February of 2020,  the comptroller of San Felipe Del Rio Consolidated Independent School District in Texas received a fake email from someone claiming to be with the financial institution that the school made semi-annual payments to.  The unsuspecting administrator was duped into wiring a little over $2 million to the hacker’s account. Unfortunately, this scenario is becoming increasingly common.  Moody’s Investor’s Service says the rate of these types of attacks has “increased exponentially” since they started tracking cyber attacks in 2018. 

Most school systems have a minimal budget on the human side of technology.  On average, only one in every five school districts has a full-time staff member dedicated to cybersecurity.  That is a lot of information that one person is responsible for protecting.  But building a cybersecurity program from the ground up can be a significant and often costly undertaking.  

Some school districts find that outsourcing their cybersecurity to a web development agency like Code Koalas is ideal.  The school districts won’t have to build their cybersecurity program from scratch or hire a full-time in-house tech department. Instead, they would have a team of experts with an extensive knowledge base dedicated to protecting their community’s sensitive information.  

The troubling trend of school cyber attacks should motivate districts to be proactive, see potential problems before they start, and seek help from knowledgeable sources when possible. 

If you would like a free, no-obligation evaluation of your website’s cyber security, we would love to connect with you.    

Want to talk about how we can work together?

Ryan can help

Ryan Wyse