Under Attack: California Schools Face Ransomware Threat

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

Sixth grade teacher Hilary Hall had just started teaching one Monday morning in September when her teacher’s group chats at Newhall School District exploded with confused messages. Teachers in the Santa Clarita school district — located just north of Los Angeles — were panicking.

While Hall had no issues logging onto her computer from home, many of her colleagues, connected to the school district’s server, were met with a mysterious pop-up message.

It said users wouldn’t be able to log into the server.

People turned to Hall, co-president of the district’s teacher’s union, for information, but she didn’t know what was going on, either.

A few minutes later, an answer arrived via phone call from each grade’s head teacher: The school district, all 10 schools representing under 6,000 children, had been hit with a ransomware attack. All teachers were instructed to log off immediately.

“Read a book!” Hall told the kids in her class, trying to think of educational activities on the spot as she quickly logged off.

While incidents like the Colonial pipeline ransomware attack and the Kaseya attack received international attention, schools and universities have also been on the wrong end of cybercriminals.

Experts interviewed by CalMatters — including researchers, cybersecurity companies, IT employees and the FBI — all agree the number of cyberattacks has increased over the pandemic. Many believe the number of attacks on the education sector has also increased, but it’s an area so new to cybercrime that there’s virtually no comprehensive data on it.

Emsisoft, a New Zealand-based software company, expects these data theft attacks to double in 2021.

California schools, colleges and universities have scrambled to adjust. In the past five years, more than two dozen California school systems have been targeted, from Rialto Unified School District in San Bernardino to Stanford University’s School of Medicine.

Prior to the ransomware attack last September, Newhall had implemented what experts consider common sense security measures like internal firewalls to prevent malicious software from affecting entire systems. A few…