Ransomware Attack Targets Baltimore County Public SchoolsSecurity Incident Affecting School District's Virtual Classes
Officials with the Baltimore County Public Schools are investigating a ransomware attack that disrupted virtual learning for students on Wednesday. Now, the district has been forced to call-off its virtual classes until next Monday, when children return from the Thanksgiving holiday break.
On Wednesday, Mychael Dickerson, the district's chief of staff, confirmed via Twitter that several schools in Baltimore were affected after ransomware attackers targeted its IT systems and caused network interruption.
Here is the latest update:— Mychael Dickerson (@DMDForward) November 25, 2020
Baltimore County Public Schools can now confirm we were the victim of a Ransomeware cyber attack. This caused systemic interruption to our network information systems. Our BCPS technology team is working to address the situation. Updates as available.
Speaking to the Baltimore Sun newspaper, Dickerson added the attacks led to extensive damage and severely impacted its operations.
In addition to the district, the incidents is under investigation by local and state police in Maryland as well as the FBI, officials say.
The Baltimore County Public Schools district is one of the largest in the U.S. and serves about 115,000 students across dozens of schools. The district's website also remained offline Thursday.
Although the district's schools remain shut because of the Thanksgiving break and are not physically functional due to the COVID-19 pandemic, in a separate alert, the Baltimore Public Schools noted that its virtual learning classes would be called off until Monday, the Baltimore Sun reported.
The school authorities also advised students and teachers taking virtual lessons to only use school-issued laptops and devices in the wake of the attack.
City Schools is aware of computer network challenges today in Baltimore County schools. Students participating in virtual learning should only use City Schools-issued laptops or devices. Students without access to a City Schools-issued device will be granted an excused absence.— Baltimore City Public Schools (@BaltCitySchools) November 25, 2020
Details of the attack remain unclear, however, some teachers from an affected school noted on social media that their files were encrypted using .ryuk extension, the Baltimore Sun reported. Ryuk, is a crypto-locking malware that has been active since 2018 and has been used to target large-scale enterprise systems as well as local and state government agencies (see: Ransomware Attacks: STOP, Dharma, Phobos Dominate).
Rising Ransomware Attacks
The attacks against Baltimore County school district are the latest in a series of ransomware incidents targeting schools and universities in the U.S.
Cybersecurity experts had been predicting a spike in ransomware attacks as new hybrid learning environments go online and unpatched equipment that has spent months in the homes of students and faculty is reconnected to school networks (see: As Classes Resume, Schools Face Ransomware Risk).
In September, Hartford Public Schools in Connecticut cancelled its classes as a result of a ransomware attack. Prior to this, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service attacks (see: Ransomware and DDoS Attacks Disrupt More Schools).
Since the COVID-19 pandemic started, schools in Alabama, Oklahomaand New York, and other locations, have had their operations affected by some type of online attack. According to Brett Callow, a threat analyst with the security firm Emsisoft, 78 school districts and universities have been hit with ransomware so far this year, compared to 89 in 2019.
Baltimore: Target of Interest
This is also not the first time that ransomware groups have targeted public organizations in Baltimore.
In May 2019, a ransomware attack on the city's information systems and municipal services, although the incident did not affect its 911 and 311 emergency phone systems, along with the public safety agencies.
Officials said the city was targeted by a relatively new malware called RobbinHood ransomware, although officials decided not to pay a ransom of 13 bitcoins - then worth about $100,000 for decrypting all of the files (see: Baltimore Ransomware Carnage Compounded by Local Storage).
Prior to that incident, in March 2018, Baltimore was hit by a ransomware attack that crippled the city's IT infrastructure. That attack affected the computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls, Reuters reported.