Hackers want millions in ransom. American schools are considering the cost.
The ransomware attack on her daughter’s school was the last thing Glynnis Sanders needed.
Like most parents, Sanders has been performing a daily juggling act. When she’s not teaching special education classes at Buffalo Public Schools, she and her husband are usually making sure their three kids are attending their remote classes.
So it hit hard when hackers struck the school of her youngest daughter in early March, the Friday before she was supposed to finally return to in-person learning twice a week.
“It’s very frustrating. You think, how could this happen? You wonder if your information is secure,” Sanders said. “It’s just the headache of Covid as it is, and it’s adding to the stress of the school year. Like what else could happen?”
The hackers infected Buffalo’s schools with malicious code that spidered through their networks, freezing computers and making it impossible for teachers to reach their students who were working remotely because of the pandemic. They demanded a ransom to make it go away.
School officials canceled remote classes for the day while they figured out what to do. They would end up needing more than a week to resume their planned class schedule. A single infection of a school district can affect dozens or hundreds of schools: Buffalo counts 63 individual schools and learning systems.
In public statements, Buffalo Public Schools referred to what happened broadly as a “cybersecurity attack.” But it wasn’t a mindless act of internet vandalism. Buffalo had become the latest in a long spree of ransomware attacks, a type of hack where malicious software locks as many related computers as possible, rendering files inaccessible in an attempt to coerce victims to pay up.
The attack underscores how a once obscure form of cybercrime now preys on Americans almost daily. While some ransomware gangs spend months targeting large businesses in hopes of a giant payday, many also go after institutions that don’t have dedicated cybersecurity staff or expensive cybersecurity contracts to better protect them from…