In a joint security alert published on Thursday, the US Cybersecurity Infrastructure and Security Agency, along with the Federal Bureau of Investigation, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services.
"As of December 2020, the FBI, CISA, and MS-ISAC continue to receive reports from K-12 educational institutions about the disruption of distance learning efforts by cyber actors," the alert reads.
"Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year," it added.
Ransomware attacks
But of all the attacks plaguing the K-12 sector (kindergarten through twelfth-grade schools), ransomware has been a particularly aggressive threat this year, CISA and the FBI said.
"According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year," the two agencies said.
"In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July," they said.
The numbers are also consistent with a recent Emsisoft report[1] where the company also noted a surge in ransomware attacks against the educational sector in Q3 2020.
The five most active ransomware groups targeting the US K-12 this year have been Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil, according to reports received by the two agencies.
Making matters worse, all five are ransomware operations known to run "leak sites[2]" where they usually dump data from victims who don't pay, which also creates the danger of having student data published online.
Commodity malware
But an increase in ransomware attacks wasn't the only problem that K-12 schools faced this school year. CISA