Schools are facing more cyberattacks than ever before

From 2016 to 2020 there were more than 855 cyberattacks on U.S. school districts. Microsoft Security Intelligence has said there are more attacks on schools and school districts than on any other industry. There were 348 reported cyberattacks on school districts in 2019.

School districts are allocating millions of dollars for their computer systems to support virtual learning in the wake of the COVID-19 pandemic. 

The Miami-Dade Public Schools invested in a $15.3 million online learning system. In 2020 the system was hit by a denial-of-service cyberattack.

Two main types of cyberattacks on schools

The two main types of cyberattacks on schools are distributed denial of service (DDoS), an attack that overwhelms the target's internet bandwidth, and ransomware, where the hacker takes control of the target's computer system and demands money.

In 2020, because of reliance on distance learning, schools braced for cyberattacks. The average cost for organizations that do not pay the ransomware demands was $730,000.


In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.
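The difference between a single-source flood and a distributed one shows up in a small added example (not part of the original article): per-source rate limiting clears the single-source flood but leaves the distributed flood overloading the server. The traffic is constructed, and the window size, per-source limit and capacity are assumed values.

```python
from collections import Counter

# Assumed values for illustration only.
WINDOW = 10            # seconds per counting window
PER_SOURCE_LIMIT = 20  # requests allowed per source per window
CAPACITY = 200         # requests the server can handle per window

def noisy_sources(events, window=WINDOW, limit=PER_SOURCE_LIMIT):
    """Sources that send more than `limit` requests in any single window."""
    counts = Counter((ts // window, src) for ts, src in events)
    return {src for (_, src), n in counts.items() if n > limit}

def overloaded_windows(events, blocked=frozenset(), window=WINDOW,
                       capacity=CAPACITY):
    """Windows whose total load, after dropping blocked sources, exceeds capacity."""
    totals = Counter(ts // window for ts, src in events if src not in blocked)
    return sorted(w for w, n in totals.items() if n > capacity)

def assess(events):
    """Block every noisy source, then check whether the server is still overloaded."""
    blocked = noisy_sources(events)
    return {
        "blocked": blocked,
        "overloaded_before": overloaded_windows(events),
        "overloaded_after": overloaded_windows(events, blocked),
    }

# Constructed sample traffic as (timestamp_seconds, source_ip) pairs,
# using documentation-only address ranges.
LEGIT = [(t, f"192.0.2.{t % 10 + 1}") for t in range(10)]
# Single-source flood: 500 requests from one address in one window.
SINGLE = LEGIT + [(i % 10, "198.51.100.7") for i in range(500)]
# Distributed flood: the same 500 requests spread over 100 addresses,
# so each source sends only 5 and stays under the per-source limit.
DISTRIBUTED = LEGIT + [(i % 10, f"203.0.113.{i % 100 + 1}") for i in range(500)]

if __name__ == "__main__":
    for name, traffic in (("single", SINGLE), ("distributed", DISTRIBUTED)):
        result = assess(traffic)
        print(name, "blocked:", len(result["blocked"]),
              "still overloaded:", bool(result["overloaded_after"]))
```

Detecting the distributed case needs a signal on aggregate load rather than on any one source, which is why mitigation for it is usually applied upstream of the targeted server.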

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus disrupting trade.

Criminal perpetrators of DoS attacks often target sites or services hosted on high-profile web servers such as banks or credit card payment


Ransomware is a type of malware from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.

Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.

However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.

Starting from around 2012, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. 

In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year.

CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015.

Increase in Cyber Risks

The coronavirus pandemic has arguably affected the education sector more than any other, with schools, colleges and universities around the globe having been forced to close their doors and deliver classes remotely.

Most of the discussion surrounding this has focused on the logistical problems of setting up e-learning platforms, parents balancing their workloads with home-schooling and students completing exams.

However, one of the most significant issues – particularly in the long term – is that the pandemic has also exposed massive cyber security failings in the education sector.

Indeed, the UK's National Cyber Security Centre released a security alert to the schools and universities sector this week, warning that cyber criminals are targeting the education sector as students return after the summer.

Cyber-Attacks in U.S. Advisory

Schools across the country have been the victims of ransomware attacks, which lock computers until a ransom is paid, as they have shifted to remote classes during the pandemic.

The hackers have also stolen and threatened to leak confidential student data unless institutions pay a ransom, according to the advisory from the FBI, the Department of Homeland Security and the Multi-State Information Sharing Analysis Center.

Hackers are expected to continue trying to exploit remote learning to launch attacks, authorities said.

Last month, for instance, Baltimore County schools were the victim of a ransomware attack which canceled classes for more than 115,000 students, the Baltimore Sun reported.

In August and September, 57% of ransomware attacks reported to the analysis center involved K-12 schools, according to the advisory.

Hackers likely view schools “as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year,” the advisory states.

As schools struggle to adequately provide for their students during the pandemic, a cyber criminal may see a school as more likely to pay the ransom in order to restore service, rather than forgoing the ransom and rebuilding its computer infrastructure.