“The FBI, CISA, and MS-ISAC have received numerous reports of ransomware attacks against K-12 educational institutions," the advisory says. "In these attacks, malicious cyber actors target school computer systems, slowing access, and — in some instances — rendering the systems inaccessible for basic functions, including distance learning. Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen — and threatened to leak — confidential student data to the public unless institutions pay a ransom.”
In some instances, federal officials say, cyberattackers have been observed using student names to trick the school’s hosts into accepting them into classes conducted via videoconference.
The federal government’s advisory also warns that cyberattackers may attempt to persuade students, parents, faculty and others involved in remote learning to unwittingly download malware or reveal private information.
“Whether as collateral for ransomware attacks or to sell on the dark web, cyber actors may seek to exploit the data-rich environment of student information in schools and education technology (edtech) services,” reads the advisory. “The need for schools to rapidly transition to distance learning likely contributed to cybersecurity gaps, leaving schools vulnerable to attack.
"In addition, educational institutions that have outsourced their distance learning tools may have lost visibility into data security measures. Cyber actors could view the increased reliance on — and sharp usership growth in — these distance learning services and student data as lucrative targets.”
The advisory notes that the FBI and CISA do not recommend paying ransoms to cyberattackers, but the agencies say regardless of what users decide to do they should alert their local FBI field offices about any ransomware so that the federal government can better prevent future attacks.
