After observing a series of ransomware attacks targeting K-12 schools, the United States government convened its inaugural cybersecurity summit on August 8th, 2023, in a concerted effort to mitigate these attacks that have resulted in the compromise of sensitive information such as student medical records, psychiatric assessments, academic performance data, and reports of incidents such as sexual assault on students.
Jill Biden, the First Lady, addressed the issue, emphasizing that safeguarding the future of children hinges on effectively securing their personal data from unauthorized access.
Based on research conducted by security firm Emsisoft, a staggering 48 school districts fell victim to severe ransomware incidents in 2022. In these attacks, malicious groups employing file-encrypting malware exfiltrated data belonging to both students and staff members, including sensitive information like social security numbers and salary account details. The attackers followed a pattern of stealing a subset of data and then issuing threats to publish it online if their demand for cryptocurrency ransom was not met.
A separate report issued by the Government Accountability Office in October 2022 revealed that ransomware hackers had a substantial impact on over 1.2 million students during 2020. This period coincided with increased reliance on online educational programs due to the global lockdowns resulting from the Covid-19 pandemic.
According to findings from the Center for Internet Security, a non-profit organization, by the conclusion of 2021, one out of every three U.S. districts had experienced breaches.
During the Cybersecurity summit attended by Ms. Biden, it was underscored that the ransomware groups had demanded ransom amounts ranging from $50,000 to $1 million from each victim, with approximately 21% of the affected parties complying and making the payment.
With the new school year mere weeks away, the White House, under the leadership of the First Lady and congressional members, engaged in discussions addressing concerns such as mitigating cyber attacks on educational institutions and advocating for stringent punitive measures against perpetrators to instill a deterrent among potential wrongdoers.
