• United States



How K-12 schools can protect against ransomware attacks

News Analysis
Oct 25, 20173 mins
CyberattacksInternet SecurityRansomware

U.S. school districts are making mistakes by not backing up their data and agreeing to pay ransoms. Here’s what they can do to protect themselves from attack.

Credit: Thinkstock

There’s an outbreak of ransomware attacks on K-12 schools in the U.S. 

Why? Because there aren’t enough IT personnel with cyber experience to combat the hackers — and schools are perceived by hackers as being weak when it comes to security.

A weak target is an organization that does not continuously back up all of its data. An even weaker target is one that caves into cyber thieves and agrees to fork over money to get their stuff back.

Earlier this year, Education Week reported on an a rash of ransomware attacks on local districts, which sparked a debate over whether schools should pay ransoms to reclaim access to their data and systems. Numerous schools were willing to pay. 

The U.S. Department of Education (DOE) is now warning teachers, parents, and K-12 education staff of a cyber threat targeting school districts across the country, according to a CNN story published last week.

Tiina Rodrigue, senior advisor for Cybersecurity at Federal Student Aid, an Office of the DOE, posted “ALERT! – CyberAdvisory – New Type of Cyber Extortion/Threat” on Oct. 16, 2017. The alert is intended for IT staff at K-12 schools and districts, as well as higher-education institutions.

Strategy to protect against ransomware attacks

While the alert contains useful recommendations, it fails to instruct K-12 schools on the two most important action items: 

First, every K-12 school and district should immediately back up every machine (server, PC, laptop and mobile devices) connected to their networks. Failing to back up data exposes schools to ransom demands.

Second, schools should not pay ransoms. While paying a ransom may arguably be beneficial in some isolated instances, it’s an invitation for hackers to launch more ransomware attacks on schools. 

(Hopefully, by the time you read this, the alert will be updated with those items.) 

Then, follow the DOE’s recommendations to protect against ransomware:

  • Conduct security audits to identify weaknesses and update/patch vulnerable systems.
  • Ensure proper audit logs are created and reviewed routinely for suspicious activity.
  • Train staff and students on data security best practices and phishing/social engineering awareness.
  • Review all sensitive data to verify that outside access is appropriately limited.

Ransomware protection tools

In addition to backing up data and following the DOE’s advice, several free ransomware protection tools are available to K-12 schools. One of them, Ransim, is a ransomware simulator tool that helps IT staff determine how vulnerable their networks are to ransomware attacks. 

Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015, according to Cybersecurity Ventures. That’s a 15X increase in just two years. 

More ransomware attacks will be launched on K-12 schools.

There’s power in unity. The entire U.S. K-12 school community can bond together and send out a powerful message to hackers: “We back up, and we don’t pay ransoms.”

Our schools should not be bullied by cyber criminals.

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.