The education sector continues to be hit with targeted ransomware attacks.
At least five of the 24 confirmed or disclosed ransomware attacks in the U.S. last month were against K-12 schools and universities, according to TechTarget. The outlet also said that the total number is likely much higher, as several additional instances were referred to only as cyber attacks or security incidents.
Some attacks were tied to the Hive ransomware group, which claimed responsibility through its public data leak site. Hive leaked information from two education establishments in November.
A joint operation between the cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency warned about the Hive organization and its new tactics and techniques.
As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, according to information from the FBI. Victims, which include government facilities and healthcare IT platforms, have lost approximately $100 million in ransom payments alone.
Guilford College in North Carolina saw a ransomware attack in October. The college’s spokesperson said the threat actor likely accessed sensitive data, according to The Record.
“While our investigation remains ongoing, we do have evidence to suggest the unauthorized actor responsible for this incident may have illegally accessed sensitive data,” the spokesperson said. The college’s student-run news site reported that the incident caused “system disruptions.”
Norman Public Schools, a district containing 24 schools and 14,000 students in Oklahoma, said it was hit by a ransomware attack on November 4. According to TechTarget, the district warned students and faculty to stop using and shut down Norman Public School-issued devices.
Norman Public Schools said an investigation “determined that an unauthorized actor gained access to certain NPS systems and that information on those systems may have been viewed or taken.”
“Education is so vulnerable to this type of attack because oftentimes organizations don’t have the best cybersecurity in place and the best funding for it,” according to Ryan Olson, vice president of threat intelligence at Palo Alto Networks.
Yet the education sector has not been the only target of recent attacks. Three of the 24 confirmed ransomware attacks occurred against Dallas organizations, including the Dallas Central Appraisal District (DCAD), as previously reported by The Dallas Express. The DCAD’s website has remained down for several weeks following the attack.
The DCAD has not revealed who may have executed the attack and expects the site to be available to the public on December 14, according to D Magazine.