Today Kaspersky released the results of a survey of parents of children in K-12 schools in the United States, revealing that 9% of respondents said their school has been hit with a ransomware attack while their child was a student there. Three in four parents who reported an attack said the school was forced to close for at least one day, with an average reported closure of 2.3 days.
Among surveyed parents who stated that their child’s school had been hit with a ransomware attack, 61% said their child’s personal data was compromised in the attack. Seventy-one percent of parents said that their school paid a ransom to the attackers.
The number of ransomware attacks on American school districts has risen sharply in recent years, a trend that coincided with the sudden adoption of remote learning last year. Eighty-five percent of attacks, according to the surveyed parents, occurred after the onset of the pandemic (summer 2020 to present). Even with most schools having returned to in-person learning, the attacks do not appear to be slowing down, with attackers sometimes demanding ransoms as high as millions of dollars in order to unlock critical data and allow the school to restore operations.
“Even though schools aren’t necessarily as lucrative as other industries, ransomware attackers often pursue what they perceive to be vulnerable targets, hitting as many of them as possible,” said Kurt Baumgartner, principal researcher at Kaspersky. “It’s easy to forget that these criminal gangs are also stealing private data. While it’s good to see that most ransoms aren’t necessarily that big, the theft of children’s personal data is a very serious concern. A good first step for school administrators is to coordinate with the Multi-State Information Sharing and Analysis Center, which can provide a lot of help at no cost to the school.”
Fourteen percent of parents reporting an attack said that their school didn’t pay a ransom, while 15% said they didn’t know if the school did or not.
According to parents, the ransoms tended to be relatively small. Forty-four percent of those reporting attacks said their school paid $100,000 or less. Fourteen percent said the payment was between $5,001 and $10,000 – the most commonly reported range. Ten percent said the school paid, but the parent didn’t know how much.
Kaspersky researchers remind any ransomware attack victims to contact the FBI and to check NoMoreRansom.org find out if there is a decryptor available, rather than ever paying a ransom, even if it’s relatively small. They also urge school administrators to perform regular backups of data, promptly install all available software updates and to implement basic cybersecurity practices such as two-factor authentication.
The survey also found that 80% of parents were happy with their school’s response to the attack, while 11% had mixed feelings and only nine percent were unhappy.
An earlier Kaspersky survey found that schools and parents have been taking important steps to address this issue. More than two-thirds (68%) of parents said in May they thought their school was somewhat or very prepared to defend themselves from cyberattacks. Eighty percent said their school had communicated about their cybersecurity preparedness, while 80% also said the school had shared best practices for students and parents. Seventy-five percent of parents said they talk with their children at least regularly about practicing good security hygiene, addressing topics such as the importance of using strong passwords.
Parents’ greatest worry, according to the earlier survey, was the compromise of their children’s personal data, with 43% of parents ranking it as their top concern.
Opinion Matters conducted the fall survey of 2,000 U.S.-based parents of school-age children, equally split among parents with children in elementary, middle and high school grade levels, between October 21, 2021 and October 27, 2021. Responses were submitted anonymously, to the best of participants’ knowledge.
· Survey data summary
· June 2021 survey report: Ransomware, schools and parents
· Digital learning toolkit for educators
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments, and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies, and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.
- Ransomware payments according to parents
- School closures resulting from ransomware attacks, according to parents