Why Hackers Go After Educational Institutions


Last week, we showed that ransomware attacks were on the rise and discussed how municipalities need to be aware that they are a prime target.

Kelly Sheridan of DarkReading shed additional light on the subject.  Sheridan cites a study by the cloud-security firm, Armor, which has tracked nearly 200 publicly disclosed ransomware attacks in 2019 and finds that municipalities lead the list with 70 instances.

The next most targeted category was education with 54 school districts and colleges struck by ransomware attacks through September 2019.

What Makes Schools Easy Cyber Attack Targets?


Educational institutions create a perfect storm of vulnerability.

First, most institutions have limited budgets for IT staff and infrastructure.  Public and private primary schools, junior high schools and high schools typically focus most of their IT budgets on equipment for faculty, equipment for student labs, and basic networking.

Private and public universities may have more resources at their disposal, but they often have to spread those resources over a much wider and more complex system.

Second, many educational institutions have to satisfy many different user subgroups: faculty, staff, labs, student wi-fi access, etc. While primary school children don’t yet flood the campus wi-fi with laptops and tablets, the initiative to improve computing skills for older students continues to increase the number of devices on any junior high school or high school campus.

Colleges and universities have an exponentially more complex diversity of needs. Each academic department has specific networking and computer needs and, in the case of many science departments, may also include connected equipment needed for research – some of which may still run on obsolete operating systems.


This complexity alone is enough to give many IT managers headaches.

Third, schools make for very public targets – not just for professional hackers, but also for students who attack the system for many different reasons … to learn how to hack, to vandalize, etc.

Compared with corporate environments, it is more difficult to adequately educate users to practice safe computer hygiene. While the school staff and some educators may be consistent between academic school years, there typically is little to no budget for IT security training.

Also, many schools (especially universities) hire contractors for teaching.  This transient population usually has work hours specifically defined in contracts that are extremely unlikely to include any computer training.

Likewise, every year, students arrive to an academic curriculum defined by state and district legislature – not by the IT managers. This leads to complex IT environments in which most users lack any awareness of safe practices when it comes to ransomware or web browsing.

This all increases the likelihood that students and staff will connect malware-infected machines to the school’s wi-fi networks, or click on suspicious email attachments.

Paying the Price

Unfortunately, ransoms are rising.

In March 2019, Grinnell, Hamilton and Oberlin Colleges were attacked, but the initial ransom demanded was only a few thousand dollars, according to Aimee Picchi of CBS News.

However, by July 2019, Lisa Olliges of KOAM News had covered the ransomware shutdown of Crowder College’s computer systems for several weeks.  DarkReading puts the ransom for the institution as high as $1.6 million.


Crowder College decided to pursue recovery on its own, and noted that its cybersecurity insurance would cover most of the incurred costs.

Lindsay McKenzie of InsideHigherEd covered the $2 million ransomware demand suffered by the for-profit Monroe College of New York, also in July 2019.

This attack took down the college’s website, the Blackboard learning management system, and email. These issues prevented electronic submission of homework, internal communication and other basic services at the college.

The Timing of Ransomware Attacks

However, ransomware is not the only possible attack, and recovery costs are not the only possible expenses.

In 2018, Long Beach City College in California had its systems compromised by cryptocurrency-mining malware.

Kevin Chittum and Maila Bringas of the LBCC Viking detailed how the attack blocked faculty emails, encrypted PeopleSoft databases, and delayed student enrollment.

Because the junior college was about to start its summer session, the student enrollment delay was the most disruptive issue. The attack prevented the basic functionality of the school for several weeks as the IT staff worked from as early as April 11 through April 27 to correct the issue.


Many students experienced month-long enrollment delays.

Attacking an institution just before a new academic term puts enormous pressure on the school to resolve the issue quickly. Lindsay McKenzie of InsideHigherEd covered the August 2019 attacks just before the term began at Regis University in Denver, Co., and The Stevens Institute of Technology in Hoboken, N.J.

Both universities were forced to intentionally disable their networks and systems to prevent a widespread impact from their respective cyber threats. Michael Corn, chief information security officer at the University of California, San Diego, notes that the timing “could be coincidental, but my gut is telling me it isn’t.”

Preparing Your Institution

Unfortunately, the attacks keep coming.

According to Armor’s updated report, from Sept. 11 through Sept. 20, nine school districts and one college (Crowder College) publicly admitted to being hit by ransomware. From Sept. 20 to Sept. 26, an additional five school districts came forward.


Furthermore, hundreds of individual K-12 schools are potentially affected in states such as Alabama, Florida, Georgia, Illinois, Missouri, Ohio, Oklahoma, Nebraska, Pennsylvania, Virginia, and Washington.  Connecticut alone had seven school districts hit in 2019.

Ideal Integrations offers many different solutions to help your organization protect itself from attacks, defend against ongoing attacks, and recover from any attacks. Endpoint monitoring software from companies such as Sophos and Carbon Black can monitor for ransomware as it attempts to encrypt your drive.

Network design services can be used to isolate key systems from public or internal email systems where user error might enable ransomware attacks.  Managed systems from Ideal Integrations and cybersecurity monitoring from Blue Bastion can vigilantly track bad actors on your organization’s systems and minimize the impact.

Don’t wait for the increasing number of attacks and the rising ransom amounts to catch your organization unawares.

Contact Blue Bastion Cyber Security today by calling (412) 349-6680, or by completing the form below. Be confident in your cyber security – keep your business safe & sound with Blue Bastion!
