You’ve got to be a grade A sleaze bag to steal from kids’ public schools.
But that’s exactly what a growing number of slime balls are doing when they hack into schools’ computer networks and hold their data for ransom.
Even worse – districts are paying it!
The district negotiated the payment down from $176,000. School directors only decided to pay after realizing it would cost more to hire another firm to fix the problem.
Plus the school had insurance that covered ransomware so it only ended up losing its $10,000 deductible.
But this district isn’t the only one being extorted by these basement dweller bandits.
Nor do they show any signs of slowing down.
A report by cybersecurity firm Recorded Future concluded that attacks on state and local governments have reached an all time high. There were 170 cyber attacks since 2013, of which 22 occurred just this year.
After years of budget cuts and downsizing, hackers see local governments like wolves see the oldest and weakest animals in the herd – easy pickings.
And schools are particularly vulnerable.
If you think about it, data is one of the most financially valuable things schools have.
Districts are responsible for students’ privacy in so many ways – records of special services, grades, accommodations, discipline, etc. In addition, schools are large employers with privileged information on their staffs including healthcare, finances, insurance, social security numbers, etc.
School directors and administrators have a responsibility to safeguard this information. It’s no wonder, then, that many are giving in to these demands, especially when nefarious nonentities ensure payment is cheaper than any other alternative.
Even so, what a monster you have to be to squeeze schools in order to make a buck!
Every dollar you blackmail away from district coffers is a dollar not spent on children’s educations.
That’s less money for teachers, supplies, classes, tutors, nurses, counselors, etc.
You aren’t stealing candy from a baby. You are literally snatching away opportunities for a better future.
Given the stakes involved, it shouldn’t be all up to individual districts to stop cyber thieves. The state and federal government should be flexing their muscles to help.
One thing they can do is toughen laws against using ransomware.
Maryland legislators proposed a law to consider ransomware attacks that resulted in a loss of more than $1,000 as a felony, which would then be subject to a fine of up to $100,000 and 10 years in jail.
Current Maryland laws define such attacks that extort less than $10,000 as misdemeanors, while only a breach that results in a loss of greater than $10,000 is a felony.
But some argue that there are already federal laws on the books criminalizing ransomware such as The Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. Unfortunately, these laws don’t mention ransomware specifically and may be too broad.
Federal and state governments could at least offer grants to update school cybersecurity to make such attacks more difficult. Otherwise, the burden becomes an exponential increase in the cost of doing business for schools which can only be made up by increasing local taxes and/or cutting student services.
Another option would be setting up a federal program to step in whenever schools are victims of ransomware. After all, these are public schools! If they were under attack by armed terrorists, the federal government wouldn’t think twice before jumping in.
With federal resources, perhaps we could stop all schools from ever paying these ransoms again. Because that’s the only way to truly end these cyber attacks.
As long as schools and governments are willing to pay, there will be trolls unscrupulous enough to take advantage.
Public services set up to meet the public good should never have to shortchange society so they can meet some fool’s ransom demand.
Ransomware has been around since at least 2012. The largest incident so far came last year with the WannaCry attack which infected more than 200,000 computers in about 150 countries, including the United Kingdom’s National Health Service, at a cost of about $4 billion.
It’s past time we got serious in dealing with these cowards.
As technology increases, data crimes have become more common. In fact, there are far too many legal ways to pilfer private data.
Schools, in particular, do a bad job of safeguarding student data by entering into unregulated and nefarious contracts with ed tech companies. Contracts with these companies commonly contain loopholes allowing them to take student data at will and sell it.
The situation is worsened by the supply-side economic policies governing public schools. There are already numerous roads to privatize public schools and turn tax dollars into corporate profits. Moreover, the standardized testing industry monetizes learning when their services are mandated by the state and federal government. They conveniently offer to remediate the large numbers of students who don’t score well on these same tests and cash in on both ends.
With so many fully legal ways to steal education dollars from practices and policies that actually help kids learn, it’s no surprise where these shadow dwellers get their ideas.
As repulsive and selfish as these hackers are, they’re only taking the greed of the testing, privatization and ed tech industry to its logical conclusion.
What kind of a—hole ransoms school data?
The a—holes we allow to get away with it.
Like this post? I’ve written a book, “Gadfly on the Wall: A Public School Teacher Speaks Out on Racism and Reform,” now available from Garn Press. Ten percent of the proceeds go to the Badass Teachers Association. Check it out!