As ransomware attacks target them, some California schools are scrambling to respond while others have done little to protect themselves.
SAN DIEGO COUNTY, Calif. — Schools aren’t exactly known for their expansive budgets. Many struggle to pay for basic operations such as functioning air conditioning and employee salaries.
But this past year, cybercriminals have attacked a growing number of schools across California and the country. A handful of California schools, colleges and universities have experienced ransomware attacks, often with harsh consequences: Sierra College had some systems shut down during finals week, Newhall School District’s 10 elementary schools went a week without online school during the pandemic, and UC San Francisco paid a $1.14 million ransom.
While hospitals and oil pipelines might seem lucrative, schools hardly scream “Jackpot!”
The average ransom paid by mid-sized organizations across the world in 2021 is about $170,000, according to a survey by London-based software company Sophos. Still, cybercriminals try to make their ransoms affordable. UC Berkeley cybersecurity researcher Nick Merrill said he thinks would-be thieves will charge as much as schools are willing to pay.
“At the end of the day, (the criminals) don’t want this to drag out for a long time, that increases their liability,” he said. “I’m guessing they’ll pick the highest number that they think you’ll pay quickly.”
Ransomware attacks are increasing against schools not only in California but across the country, according to several experts. How schools respond and what security measures they have in place are evolving rapidly.