The education sector continues to be hit with targeted ransomware attacks.
At least five of the 24 confirmed or disclosed ransomware attacks in the U.S. last month were against K-12 schools and universities, according to TechTarget. The outlet also said that the total number is likely much higher, as several additional instances were referred to only as cyber attacks or security incidents.
Some attacks were tied to the Hive ransomware group, which claimed responsibility through its public data leak site. Hive leaked information from two education establishments in November.
A joint operation between the cybersecurity advisory from the FBI and the Cybersecurity and Infrastructure Security Agency warned about the Hive organization and its new tactics and techniques.
As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, according to information from the FBI. Victims, which include government facilities and healthcare IT platforms, have lost approximately $100 million in ransom payments alone.
Guilford College in North Carolina saw a ransomware attack in October. The college’s spokesperson said the threat actor likely accessed sensitive data, according to The Record.
“While our investigation remains ongoing, we do have evidence to suggest the unauthorized actor responsible for this incident may have illegally accessed sensitive data,” the spokesperson said. The college’s student-run news site reported that the incident caused “system disruptions.”
Norman Public Schools, a district containing 24 schools and 14,000 students in Oklahoma, said it was hit by a ransomware attack on November 4. According to TechTarget, the district warned students and faculty to stop using and shut down Norman Public School-issued devices.
Norman Public Schools said an investigation “determined that an unauthorized actor gained access to certain NPS systems and that information on those systems may have been viewed or taken.”
“Education is so vulnerable to this type of attack because oftentimes organizations don’t have the best cybersecurity in place and the best funding for it,” according to Ryan Olson, vice president of threat intelligence at Palo Alto Networks.
Yet the education sector has not been the only target of recent attacks. Three of the 24 confirmed ransomware attacks occurred against Dallas organizations, including the Dallas Central Appraisal District (DCAD), as previously reported by The Dallas Express. The DCAD’s website has remained down for several weeks following the attack.
The DCAD has not revealed who may have executed the attack and expects the site to be available to the public on December 14, according to D Magazine.
We need GLOBAL consensus that such attacks are GLOBAL TERRORISM. WE need ALL countries that house such groups to be cut off from all international internet/phone and international financial systems to every other country until they end the problem permanently.
This includes the hundreds of thousands of phishing phone calls from INDIA and AFRICAN countries daily to the USA and other countries.
I guaranty that if you shut down ALL communication EXCEPT snail mail from let’s say India, for 10 business days with a warning that all the international criminal activity ends or we shut it again ….and again…that India WILL END IT. They KNOW who the perpetrators are and they allow it because the USA and other countries do NOT end all communications with INDIA and disrupt the country’s commerce.
No phone calls, no internet, no friends and family or commercial communication at all.
Sorry about only using one country as an example.