author photo
By Bruce Sussman
Mon | Aug 31, 2020 | 10:32 AM PDT

School districts across the United States are back in session.

But this fall, most of the students are sitting in virtual class. They are connecting with their teachers and learning on their laptops via Google, Skype, or Zoom. 

This is a challenge for parents and teachers. It is also an opportunity—for hackers and cybercriminals who are trying to make money by disrupting school district networks.

Ransomware attack shuts down California online learning 

In Central California, the Selma Unified School District abruptly stopped online classes during the middle of the day because of a ransomware attack which was spreading across the district's network.

ABC station KFSN reported on the school district cyberattack:

Just before noon, all teachers were contacted and told they needed to end instruction immediately. Officials with the school district say personal information wasn't targeted, but programs needed for online instruction were.

"We talked about the possibility of waiting to the end of school, but our IT folks said, just like any other infection, the longer you let it go the worse it is going to get," said Assistant Superintendent of Business Services Larry Teixeira.

According to district officials, one of the programs held hostage was a student information system. It holds student demographics along with attendance.

And while one school district is halting its online learning because of a ransomware attack, another one is restarting distance learning following a similar attack.

Ransomware attack hits North Carolina schools

Across the country in North Carolina, students in the the Haywood County district are restarting online classes today. This follows a one-week break in learning caused by a ransomware attack against the district.

A significant cyber attack forced the school system to take down most technology services in order to stop the corruption of school system servers and computers. Since many technology services transmit through system servers, related technologies including telephones and Internet were rendered inoperable.

"While some technology services are still not operating, we felt it was important to return to teaching and learning as soon as practically possible," said Dr. Bill Nolte, Superintendent. "Our students, staff, and community need our schools to be open as much as possible after the negative impact of COVID-19 and the recent ransomware attack."

The district's IT department called in help to get systems back up and running because the district refused to pay a hacker's ransom.

The assistance came from deployed members of the Microelectronic Center of North Carolina (MCNC), NCLGISA Strike Team, and the National Guard. The superintendent says that help was nothing short of outstanding.

'Dirty, rotten scoundrels' behind the attack

As far as the hackers behind the attack? Well, Haywood County Schools Superintendent Dr. Bill Nolte used some unique adjectives to describe them:

"It is done by dirty, rotten, lowdown scoundrels," he told WLOS-News.

Dirty, rotten, and lowdown, indeed. But they keep going looking for a payout.

Texas school district pays ransom to hackers so it can start classes

These attacks are fueled mainly by greed and the ability to make money, regardless of the consequences to students and teachers.

And hackers recently made $50,000 from the Athens, Texas, School District after it agreed to pay a ransom. The attack delayed the start of school by an entire week; and this was physical school, because many Texas students are attending class in person.

Government Technology covered the extent of the ransomware attack on that district:

The attack encrypted all of the data on school district servers, including multiple data backups and a few hundred district computers, which caused all access to data like teacher communications, student schedules, grades and assignments to be blocked, according to a statement from Athens ISD.

During an emergency Athens ISD board of trustees meeting Wednesday, the board voted to pay the ransom amount of $50,000 in cryptocurrency. Athens ISD does have insurance coverage for cyberattacks and a claim is being processed.

"We can't afford to not pay it," AISD Board President Alicea Elliott said. "It would take us months to rebuild all that data so that we could start school."

Ransomware increasing as criminal groups look for new ventures

SecureWorld recently interviewed cybersecurity thought leader Chuck Brooks about the cyber threat landscape. 

And while cybercriminals are evolving, so are more traditional criminals, and this may be fueling the surge in ransomware attacks: 

"With the advent of cryptocurrencies in ransomware, it became a profit motive for a lot of the criminal enterprises. And they replaced, you know, sort of the brick and mortar crime with digital crime, and you're seeing a ransomware being sent to hospitals to help medical clinics to universities and schools.

And they can basically get away with it. It's very difficult to find them and prosecute them. There's a lot of extradition issues with countries, so cybercrime has really grown.

And I think now with our new situation, we have to sort of adapt to using virtual private networks and following stronger security, hygiene protocols, and backing up our data and keeping our devices separate from our work devices or personal devices. But it is a risky business out there, and the environment is really crazy."

Listen to our SecureWorld podcast with Chuck Brooks: