Universities: A New Target for Ransomware

Universities A new target for ransomware

Ransomware is a form of malware that requests payment in currency or bitcoin that hackers demand to block access to critical data and it has become one of the biggest threats to higher education.

From past few years, financial corporations or banking institutions and healthcare industries were the target for hackers to make ransom money, but now their focus has changed to schools. Today, technology in schools has empowered modern learning paths and brought a new level of innovation to the classroom. Technology has enriched the lives of students, but it needs to be managed with care, as it introduces risks to student’s safety and privacy. If not carefully monitored, the same technology that’s purpose is to enrich learning, can leave universities vulnerable to data breaches and ransomware attacks.

According to a report from Emsisoft, since the beginning of this year (2019) there were 62 ransomware incidents involving various educational organizations (school districts, colleges, universities). The count is over 1,000 educational establishments.

A similar report from cyber-security says that since January there were 54 ransomware attacks disclosed publicly by educational institutions. By their count, the potential number of schools affected is over 500.

Why Do Hackers Target Schools?

Schools and Universities store relevant amount of personal data pertaining to their students like birth-dates, social security numbers, direct deposit, banking information, credit card information etc. These can be potential threat points for hackers if not protected appropriately

Although at first glance it may not seem to be of value, this data can be easily used for phishing and malware attacks since the IT equipment and operators operating in schools are not always state of the art and really does not pay importance to such data. Additionally, they have budgetary constraints that impose some confines on correcting either of those concerns.

Ultimately, it’s the classic hacker story. Hackers need money; thus, they will spend months using malware and phishing campaigns to gain access to computer systems. Then they launch a ransomware attack, shut down the system, and demand a ransom to restore access when the time is right. The hackers plan the attack at such a critical time that the institutions have no other way than paying the ransom money.

What Happens When Hackers get Access to Information?

Once hackers get access to the school systems, they steal the personal information (identification for student records, social security numbers) of students, teachers and families. They then sell this information on the dark web, making people vulnerable to identity theft.

Many schools have been a victim of these ransomware attacks. Let us have a look at one of the case study:

Case Study:

Link: https://www.abc15.com/news/region-northern-az/flagstaff/flagstaff-schools-back-open-after-2-day-ransomware-closure

School Name: Flagstaff Unified School District

Flagstaff Unified School District (FUSD) is home to more than 9,600 students and 15 comprehensive school sites. FUSD implements the finest practices and innovative education techniques to meet their student’s requirements in Northern Arizona.


At Flagstaff Unified School District schools in Arizona, all classes were cancelled on September 5th due to ransomware attack against the district's servers.


The staff of Flagstaff Unified School District School were targeted through their district email account. The malware used in the Flagstaff situation is called RYUK. After the district discovered the attack on September 4th, 2019, they cut off access to the internet, investigated the incident and the possible damage, and cancelled classes on Thursday and Friday. They skimmed all-district, staff and student devices and installed new malware protection.

The school staff across the district plaid every single Windows laptop and desktop computer in the course of 72 hours. The school officials spent the weekend "scrubbing" every computer in the district. This process included recalling every teacher’s laptop to be backed up and reset to factory settings. Their biggest concern was whether the district lost any data or records in the process.

There was no specific demand for ransom, and thus the district never paid one. Instead, the district meticulously disconnected any internet access, backed up files, and rebooted dozens of computers as a part of our repression strategy. Students and teachers returned to school on Monday, September 9, 2019.

Cautionary Measures for Schools

School districts have become easy targets for hackers due to the lack of upgraded cyber-security. It is just like fighting a modern war with antique weapons. Schools need to start treating cyber-security with utmost importance else they may end up being insanely affected by the hackers. It is high time the schools realize this is important and do it the right way.

Parents also need to become supporters for better cyber-security, urging districts to invest in upgrades to protect their networks. In addition, they should use dark-web monitoring services that regularly scan the dark web to see if your personal information is for sale.

How Can Backup Help when Dealing with a Ransomware Attack?

The best way to evade paying ransoms and catastrophic delays is to make sure you have an uninfected copy of your sensitive information. Thus, when hackers encrypt your systems, there’s no need to worry. You can just wipe those files and upload clean duplicates. Backups need to be done regularly as you create new files and modify old ones continuously.

It is not necessary that you do everything in one go; instead, look at each folder and control how often substantial changes are made. Once you have resolute that, set up a backup schedule by saving your work on an isolated local device or in the Cloud.


Do not become a victim of ransomware attacks. Install a good antivirus in your systems and get a robust backup solution. Zmanda, our comprehensive backup solution will help you backup your data and recover it in case of such instances.

Explore More Topics