Intelligence experts in the United States are warning schools of the increased chance of cyberattacks as schools resume.
In a public advisory issued Tuesday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency said actors from Vice Society – a ransomware threat first identified in summer 2021 – have been “disproportionately targeting the education sector with ransomware attacks.”
Schools with limited cybersecurity resources are often the most vulnerable to ransomware, federal officials said, but even well-defended school systems can be at risk to opportunistic hackers. The education sector, especially kindergarten through twelfth grade (K-12) institutions, has been a frequent target of ransomware attacks, according to the advisory.
Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff.
K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.
In order to prepare for the possibility of a cyberattack, the FBI and CISA advise institutions to maintain offline backups of data; document all external remote connections; require all accounts to comply with nationally-recognized password strengthening recommendations, and other actions.