Schools sustained almost the same number of cyberattacks in 2022 as 2021, despite the U.S. government’s efforts to thwart the threat, according to Emsisoft’s year-end report published on Monday. The endpoint protection firm identified one more incident last year than the year prior.
A collective push from all levels of government and defenders at large failed to make a significant dent in ransomware activity targeting the nation’s schools.
“Unfortunately, it was a case of same old, same old,” Emsisoft said.
At least 44 universities or colleges and 45 U.S. school districts were hit by ransomware attacks in 2022. The total marks the slightest possible increase from the 88 education institutions impacted the year prior, according to Emsisoft.
The number of ransomware attacks impacting the education sector is likely much greater. Not all incidents are publicly disclosed or claimed as such by threat actors on the dark web.
Rate of ransomware attacks against schools holds steady
Number of ransomware attacks in schools, government by year
The number of schools potentially affected by these attacks was also much greater last year. School districts hit by ransomware in 2022 represent 1,981 schools, almost double the amount of K-12 schools potentially compromised in 2021.
Schools were not alone. Local and state governments also saw ransomware levels hold steady.
Ransomware groups successfully exfiltrated data from U.S. schools at a rate of nearly two-thirds in 2022, up from half of all organizations hit in 2021.
Los Angeles schools took a big hit in 2022
The most high profile and potentially damaging incident occurred during Labor Day weekend when Vice Society compromised the Los Angeles Unified School District’s systems and stole roughly 500 gigabytes of data.
The prolific ransomware group was singled out in a joint Cybersecurity Advisory from federal authorities the same day LAUSD went public with the attack.
Within a month Vice Society posted about 250,000 files on the dark web, some containing Social Security numbers, contracts, W-9 tax forms, invoices and passports, according to data observed by threat researchers at Check Point.
There are at least 16,800 school districts spread across the U.S. and the Los Angeles schools system is the second largest in the country, outranked by New York City alone.
District officials in Los Angeles said there was no response to the ransom demand, but at least three other education organizations paid a ransom demand in 2022, according to Emsisoft.
Emsisoft focused on government and education because those sectors are more likely to publicly disclose ransomware attacks. The company aggregated data from disclosure statements, press reports, the dark web and information feeds but the company warns some incidents undoubtedly escaped attention.
That’s in addition to the ransomware attacks that may never come to light.
“A minority of ransomware attacks on private sector companies are publicly disclosed or reported to law enforcement, which results in a dearth of statistical information,” the report said. “The reality is that nobody knows for sure whether the number of attacks are flat or trending up or down.”
