Since January, 1,039 schools across the U.S. have potentially been hit by ransomware, with 72 school districts and/or educational institutions publicly reporting being a ransomware victim, according to a report from security solutions provider Armor.
Of the impacted U.S. school districts, 11 had their systems affected by ransomware since late October, with 226 schools being directly affected as a result.
“Of the 11 school districts hit in this last attack wave, only 1 has reported having paid the ransom, but did not disclose the sum (Port Neches-Groves), 3 reported having refused to pay (Wood County, Penn-Harris-Madison, Claremont) and 7 have not revealed whether they have paid the ransom or not,” Armor’s report adds.
The firm previously reported in September that over 500 U.S. schools had been hit by ransomware since January, which means the number of affected schools more than doubled in under three months, according to Armor’s stats.
To understand the impact a ransomware attack can have when it hits a school district, consider Las Cruces Public Schools, where the incident led to the full shutdown of all roughly 30,000 district devices from 42 schools, as well as full hard drive wipes and operating system reinstalls.
Louisiana’s Governor John Edwards also declared a state of emergency in late July following a huge wave of ransomware attacks that targeted the state’s school districts.
The full list of all 11 school districts hit by ransomware since late October is available in the table embedded below.
| District name | City, State |
|---|---|
| Wood County Schools | Parkersburg, WV |
| Port Neches-Groves Independent School District | Port Neches, TX |
| Penn-Harris-Madison School Corporation | Mishawaka, IN |
| Livingston New Jersey School District | Livingston, NJ |
| Chicopee Public Schools | Chicopee, MA |
| Claremont Unified School District | Claremont, CA |
| Sycamore School District 427 | DeKalb, IL |
| Maine School Administrative District #6 | Buxton, ME |
| Lincoln County | Brookhaven, MS |
| San Bernardino City Unified School District | San Bernardino, CA |
| Las Cruces Public Schools | Las Cruces, NM |
Overall, spanning all industry sectors, Armor says that it identified public ransomware attack reports from 269 U.S. organizations since January 1, 2019, with municipalities leading in victim count with 82 reports, closely followed by educational entities with 72.
Healthcare orgs have reportedly been impacted by 44 ransomware attacks since the start of 2019, while Managed Service Providers (MSPs) and/or Cloud-Based Service Providers publicly reported 18 ransomware incidents.
Emsisoft confirms the huge numbers
In a separate annual ransomware report published on December 12, Emsisoft says that the impacted educational organizations in 2019 included “86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.”
They also state that 103 state and municipal governments and agencies have reported ransomware incidents, while healthcare providers have been hit by ransomware gangs 759 times throughout 2019.
In a breakdown by industry sector, Emsisoft found that healthcare was at the top of the list of most popular ransomware targets this year, with roughly 759 healthcare providers hit by such attacks during 2019.
Overall, the anti-malware maker says that ransomware directly impacted “at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”
Ransomware warnings and mitigation
The Senate passed the ‘DHS Cyber Hunt and Incident Response Teams Act’ in September to authorize the Department of Homeland Security (DHS) to maintain incident response teams designed to provide private and public entities with help defending against ransomware and cyber-attacks.
FBI’s Internet Crime Complaint Center also issued a public service announcement in October regarding the increasing number of high-impact ransomware attacks targeting public and private U.S. organizations.
The FBI advises all U.S. entities currently targeted by a heavy barrage of ransomware attacks to follow these best practices:
• Regularly back up data and verify its integrity
• Focus on awareness and training
• Patch the operating system, software, and firmware on devices
• Enable anti-malware auto-update and perform regular scans
• Implement least privilege for file, directory, and network share permissions
• Disable macro scripts from Office files transmitted via email
• Implement software restriction policies and controls
• Employ best practices for use of RDP
• Implement application whitelisting
• Implement physical and logical separation of networks and data for different org units
• Require user interaction for end-user apps communicating with uncategorized online assets
Organizations and individuals that have been hit by ransomware are also urged not to pay the ransom but, instead, to reach out to their local FBI field office and to report the incidents to IC3 as soon as possible.
Update December 17, 17:16 EST: Added info from Emsisoft’s report on the “State of Ransomware in the US.”