The Register: Cyber crooks shut down UK, US schools, thousands of kids affected

Source URL: https://www.theregister.com/2024/09/11/uk_us_school_ransomware/
Source: The Register

Feedly Summary: No class: Black Suit ransomware gang boasts of 200GB haul from one raid
Cybercriminals closed some schools in America and Britain this week, preventing kindergarteners in Washington state from attending their first-ever school day and shutting down all internet-based systems for Biggin Hill-area students in England for the next three weeks.…

**Summary:** The text outlines recent ransomware attacks affecting schools in the US and the UK, leading to significant disruptions in educational services. Cybercriminals exploited vulnerabilities, particularly focusing on institutions with limited IT budgets and resources. The incidents underscore the urgency for improved cyber defense strategies in educational settings.

**Detailed Description:**

The incidents described in the text highlight the increasing frequency and severity of ransomware attacks on educational institutions, affecting students and their families across both America and Britain. Key points include:

– **Victimization of Educational Institutions:**
  – Highline Public Schools in Washington and Charles Darwin School in England both faced significant disruptions due to ransomware attacks.
  – Highline Public Schools had to cancel activities and classes due to unauthorized activity detected in their systems, prioritizing student safety over normal operations.
  – Charles Darwin School confirmed that their IT issues stemmed from a ransomware attack, leading to a three-week shutdown of internet-based systems.

– **Impact and Response:**
  – Highline Public Schools’ situation involved third-party infosecurity experts and law enforcement to help isolate systems and restore normal operations.
  – In contrast, Charles Darwin School reported potential exposure of sensitive data and is conducting a forensic investigation to understand the breach’s full scope.

– **Trends in Cybersecurity Threats:**
  – The text notes that 108 K-12 school districts in the U.S. were victims of ransomware attacks in the past year, indicating a broader trend affecting educational institutions.
  – The presence of a group called Black Suit, believed to be linked to previous ransomware gangs, further emphasizes the organized nature of these attacks.

– **Vulnerability of Schools:**
  – Experts pointed out that schools are particularly vulnerable targets due to smaller IT budgets and fewer resources.
  – A survey mentioned in the text revealed that 83% of organizations experienced ransomware attacks, with schools being a significant target.

– **Recommendations for Security Measures:**
  – Schools need to assess their critical services, with Active Directory (AD) vulnerabilities specifically mentioned, as these are often single points of failure.
  – Schools are advised to work closely with their IT providers and to develop contingency plans for what to do when critical systems fail, a practical step toward a stronger security posture in educational environments.

**Implications for Security and Compliance Professionals:**
– Ransomware continues to pose serious risks to educational institutions, which require urgent attention from cybersecurity professionals.
– Implementing robust security frameworks, conducting regular vulnerability assessments, and ensuring that backup systems and recovery plans are in place can mitigate such risks.
– Compliance with regulatory guidelines on data protection in education, such as FERPA in the U.S. and GDPR in the UK, becomes increasingly critical as the threats evolve.