Cyberattacks are increasingly affecting pandemic-weary US schools

ALBUQUERQUE (NM) -- Teachers at a middle school located in New Mexico's largest urban area were alerted to a tech problem by a staff member during an early morning call.

Cyberattacks are increasingly affecting pandemic-weary US schools

The video featured shout-outs to the custodians for their hard work and the usual announcements by the union rep and administrators. There were signs of a crisis in the chat. Everyone was denied access to attendance records and all were locked out of grades and class rosters.

Administrators in Albuquerque later confirmed that the ransomware attack caused the disruption of access to the district’s student database. This also contains emergency contacts lists and lists of adults who are authorized to pick-up which children.

Sarah Hager, an art teacher at Cleveland Middle School, said that she didn't realise how important it was until it stopped working for her.

Cyberattacks such as the one that caused Albuquerque's largest school district to be closed for two days have become a serious threat to U.S. schools. There have been several high-profile incidents since last year. The coronavirus pandemic is exacerbated their impact. Schools have been forced to close more schools as they try to recover data and wipe all laptops manually.

Doug Levin, director at the K12 Security Information Exchange (a Virginia-based non-profit that assists schools in defending against cybersecurity risk), stated that incidents have been increasing in both frequency and severity.

Since schools are not required by law to report cyberattacks publicly, it is difficult to obtain precise data. Experts say ransomware gangs have made public schools, which are often short on cybersecurity budgets, a tempting target.

Schools have also been forced to shift to virtual learning due to the pandemic. This makes them more dependent upon technology and makes them more susceptible to cyber-extortion. Instruction has been disrupted in schools in Baltimore County and Miami-Dade County as well as districts in New Jersey, Wisconsin, and elsewhere.

Since 2016, Levin's team has been tracking over 1,200 incidents in cyber security at public schools across the country. These included ransomware attacks that lock down data and then charge hackers to unlock it. 53 "denial-of-service" attacks where attackers slow down a network or sabotage it. 156 "Zoombombing", where an unauthorized person enters on a video conference call. More than 110 phishing attacks where a misleading message tricked a user into allowing a hacker to access their network.

Schools are also facing multiple other challenges due to the pandemic. Teachers can get sick and there is no way to replace them. There are no tests or people who can test for viruses in areas that have strict protocols.

New York City's attack on Illuminate Education, a third-party software vendor, didn't cause classes to be canceled, but teachers couldn't access grades. Local media reported that the outage caused additional stress for teachers already trying to balance instruction with COVID-19 compliance and caring for sick colleagues.

Scott Elder, Albuquerque superintendent, stated that getting all staff and students online during the pandemic opened up new avenues for hackers accessing the district's systems. This was a factor in Jan. 12's ransomware attack, which canceled classes for 75,000 students.

Elder called the cancellations "cyber-snow days", and gave technicians five days to reset databases during a holiday weekend.

Elder stated that there is no evidence that student data was stolen by hackers. Although he declined to confirm whether the ransom was paid by the district, he said there would be a public process if it did.

Hager, an art teacher, stated that the cyberattack caused stress on campus in ways parents did not see.

Fire drills were cancelled because fire alarms wouldn't work. Intercoms stopped functioning.

Hager stated that nurses couldn't locate which students were there when positive test results came in. "So possibly there were students on campus who probably were sick." Hager said. It appears that the hack permanently erased a few days worth attendance records.

Edupoint, which is the vendor of Albuquerque's student database Synergy, declined comment.

Schools often choose to keep information about attacks secret or to release very little information in order to avoid revealing weaknesses in their security systems.

Elder stated that it is difficult for school districts to learn from one another because they are not supposed to speak to each other because there might be vulnerabilities.

The FBI warned last year about PYSA (or "Protect Your System Amigo"), a group that was launching attacks on schools, colleges, and seminaries. Conti is another ransomware gang that demanded $40 million last year from Broward County Public Schools. It was one of the largest in the country.

Many of these Russian-speaking groups are located in Eastern Europe, and are protected by tolerant governments. If they aren't paid, some will upload files to the dark web.

According to Brett Callow (a threat analyst at Emsisoft), ransomware gangs tend to target smaller districts in 2021 than they did in 2020. This is despite the fact that attacks on larger districts get more attention. This could be a sign that larger districts are spending more on cybersecurity, while smaller districts, with less money, are still more vulnerable.

The ransomware attack on the Synergy student information system in South Albuquerque's Truth or Consequences district, which has 1,285 students, occurred a few days after Christmas. Officials compared it with having their house robbed.

It's a feeling of helplessness and confusion, as it seems like someone is trying to take away our children's future. Superintendent Channell Segura stated that it was a disgusting way of trying to, to make money.

Although classes were not cancelled by the school because of the attack, the network is still down. There are keyless entry locks at school doors and the school's doors. Segura stated that teachers are still carrying the keys they needed to open school doors at the beginning of the year.

In October, President Joe Biden signed K-12 Cybersecurity Act. This Act requires that the federal cyber security agency make recommendations on how schools can better protect themselves.

New Mexico legislators have been slow in expanding internet usage and supporting cyber security education. State representatives presented a bill last week that would have allocated $45 million to state education to help build a cybersecurity program in 2027.

Teachers often need to be more creative in coming up with ideas for how to avoid future hacks or recover from ones that have already occurred.

Parents argued on Facebook about why schools couldn’t just switch to pen and papers in the days after the Albuquerque attack.

Hager claimed that she heard the criticism even from her mother, a former school teacher.

Hager replied, "Mom, attendance can only be taken on paper if your roster has been printed to the beginning."

Teachers could also keep duplicate copies of all records on paper -- but this would double their clerical burden.

Hager states that these systems should be able to work in an age where teachers are increasingly required by administrators to keep everything digitally.