Ransomware attacks ravage schools, municipal governments

Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv.

September saw many disclosures and public reports of ransomware attacks against school systems, universities and municipal governments.

It was a familiar trend for ransomware activity in the U.S. this year, as data compiled by TechTarget Editorial has shown. Earlier this year, we began tracking public reports of ransomware attacks and disclosure notifications each month, the results of which are contained in an online database.

Last month, TechTarget Editorial tracked 16 public reports and official disclosures of ransomware attacks -- more than half of which involved public school systems, colleges, or city and county governments. While the number of total disclosures and confirmed reports was once again low compared with the early months of 2022, several high-profile attacks wreaked havoc on education and public services.

Arguably the most high-profile example was the attack on Los Angeles Unified School District (LAUSD). The second-largest public school system in the U.S., with more than half a million students, was struck by the Vice Society ransomware gang over Labor Day weekend. Despite the attack, LAUSD held classes and resumed operation following the holiday.

However, Vice Society last weekend published 500 GB of stolen data on its dark web leak site. The data reportedly includes students' personally identifiable information (PII), academic records, disciplinary records and some health information. The data leak followed a statement from LAUSD last Friday in which the school district said it would not give in to Vice Society's ransom demand.

"Los Angeles Unified remains firm that dollars must be used to fund students and education," the statement said. "Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."

Other K-12 systems were attacked as the new school year began. Elmbrook School District in Brookfield, Wis., was struck at the end of August. Vice Society also claimed responsibility for the attack. Elmbrook officials announced that only a "limited amount" of data was posted to the ransomware gang's dark web site, and the data did not include personal information such as Social Security numbers.

Ransomware attacks continued to affect higher education institutions as well. Last week, William Carey University, a private college based in Hattiesburg, Miss., suffered an attack that temporarily disrupted its websites and email service. The college announced that its IT department shut down the campus networks to contain the attack, and that operations and classes were expected to resume in full on Monday. It's unclear if any data was stolen or leaked as a result of the attack.

Savannah College of Art and Design in Georgia was also victimized recently. The art school reportedly responded to a network intrusion and avoided any operational disruption. However, the ransomware gang AvosLocker claimed responsibility for the attack and published data to its leak site that apparently included students' PII.

In addition to K-12 schools and colleges, several municipal governments suffered ransomware attacks. Fremont County in Colorado disclosed an attack by BlackCat/Alphv, which might have compromised employee information as well as caused significant network disruptions that limited government services. More recently, an attack on Suffolk County, N.Y., disrupted government operations, including emergency services for police and first responders. BlackCat/Alphv also claimed responsibility for the Suffolk County attack.

The confirmed reports and disclosures in September collected by TechTarget Editorial likely represent only a portion of the actual ransomware activity that has taken place. As with past months, many data breach notification letters in September described security incidents that suggest a ransomware attack had occurred, but did not explicitly state that one took place. We were unable to confirm these possible ransomware attacks and did not include them in the entries for September.
