You’ve got to be a grade A sleaze bag to steal from kids’ public schools.
But that’s exactly what a growing number of slime balls are doing when they hack into schools’ computer networks and hold their data for ransom.
Even worse – districts are paying it!
Just this week the Rockville Center School District in New York state paid an $88,000 ransom to get back files that had been encrypted by Ryuk ransomware.
The district negotiated the payment down from $176,000. School directors only decided to pay after realizing it would cost more to hire another firm to fix the problem.
Plus the school had insurance that covered ransomware so it only ended up losing its $10,000 deductible.
But this district isn’t the only one being extorted by these basement dweller bandits.
In July, alone, schools in New Mexico, Nevada, Louisiana, Oklahoma, Alabama, Connecticut and another in New York suffered similar cyber attacks.
Nor do they show any signs of slowing down.
A report by cybersecurity firm Recorded Future concluded that attacks on state and local governments have reached an all time high. There were 170 cyber attacks since 2013, of which 22 occurred just this year.
After years of budget cuts and downsizing, hackers see local governments like wolves see the oldest and weakest animals in the herd – easy pickings.
And schools are particularly vulnerable.
They often have small IT departments, antiquated equipment and the cheapest cybersecurity.
That’s why in recent months schools in Lake City, Fla.; La Porte County, Indiana; and Riviera Beach, Fla. have all paid ransoms to regain access to their data.
If you think about it, data is one of the most financially valuable things schools have.
Districts are responsible for students’ privacy in so many ways – records of special services, grades, accommodations, discipline, etc. In addition, schools are large employers with privileged information on their staffs including healthcare, finances, insurance, social security numbers, etc.
School directors and administrators have a responsibility to safeguard this information. It’s no wonder, then, that many are giving in to these demands, especially when nefarious nonentities ensure payment is cheaper than any other alternative.
Even so, what a monster you have to be to squeeze schools in order to make a buck!
Every dollar you blackmail away from district coffers is a dollar not spent on children’s educations.
That’s less money for teachers, supplies, classes, tutors, nurses, counselors, etc.
You aren’t stealing candy from a baby. You are literally snatching away opportunities for a better future.
Given the stakes involved, it shouldn’t be all up to individual districts to stop cyber thieves. The state and federal government should be flexing their muscles to help.
One thing they can do is toughen laws against using ransomware.
Maryland legislators proposed a law to consider ransomware attacks that resulted in a loss of more than $1,000 as a felony, which would then be subject to a fine of up to $100,000 and 10 years in jail.
Current Maryland laws define such attacks that extort less than $10,000 as misdemeanors, while only a breach that results in a loss of greater than $10,000 is a felony.
But some argue that there are already federal laws on the books criminalizing ransomware such as The Computer Fraud and Abuse Act and the Electronic Communications Privacy Act. Unfortunately, these laws don’t mention ransomware specifically and may be too broad.
Federal and state governments could at least offer grants to update school cybersecurity to make such attacks more difficult. Otherwise, the burden becomes an exponential increase in the cost of doing business for schools which can only be made up by increasing local taxes and/or cutting student services.
Another option would be setting up a federal program to step in whenever schools are victims of ransomware. After all, these are public schools! If they were under attack by armed terrorists, the federal government wouldn’t think twice before jumping in.
With federal resources, perhaps we could stop all schools from ever paying these ransoms again. Because that’s the only way to truly end these cyber attacks.
As long as schools and governments are willing to pay, there will be trolls unscrupulous enough to take advantage.
Public services set up to meet the public good should never have to shortchange society so they can meet some fool’s ransom demand.
Ransomware has been around since at least 2012. The largest incident so far came last year with the WannaCry attack which infected more than 200,000 computers in about 150 countries, including the United Kingdom’s National Health Service, at a cost of about $4 billion.
It’s past time we got serious in dealing with these cowards.
As technology increases, data crimes have become more common. In fact, there are far too many legal ways to pilfer private data.
Schools, in particular, do a bad job of safeguarding student data by entering into unregulated and nefarious contracts with ed tech companies. Contracts with these companies commonly contain loopholes allowing them to take student data at will and sell it.
The situation is worsened by the supply-side economic policies governing public schools. There are already numerous roads to privatize public schools and turn tax dollars into corporate profits. Moreover, the standardized testing industry monetizes learning when their services are mandated by the state and federal government. They conveniently offer to remediate the large numbers of students who don’t score well on these same tests and cash in on both ends.
With so many fully legal ways to steal education dollars from practices and policies that actually help kids learn, it’s no surprise where these shadow dwellers get their ideas.
As repulsive and selfish as these hackers are, they’re only taking the greed of the testing, privatization and ed tech industry to its logical conclusion.
What kind of a—hole ransoms school data?
The a—holes we allow to get away with it.
Like this post? I’ve written a book, “Gadfly on the Wall: A Public School Teacher Speaks Out on Racism and Reform,” now available from Garn Press. Ten percent of the proceeds go to the Badass Teachers Association. Check it out!
9 thoughts on “What Kind of A—hole Ransoms School Data?”
I was a victim of Ransomware a few years ago and refused to pay the ransom. Instead, I reached out for help from friends and one of them suggested I go to “R Computer” in Concord California.
I unhooked all the cables and took my CPU to them and …
R Computer got rid of the Ransomware and retreived all of my files and programs. They also added more security to my computer. The cost of going to R Computer to get reid of the Ransomware ended up less than the demands from the Ransomware thieves.
I’m glad to hear you were able to foil their attempts at extortion. Thanks for sharing, Lloyd.
At the risk of sounding like an old-timer, schools never used to have problems like these until they went solely online. What was so bad about putting pen to paper?
If we had the redundancy of both paper and electronic records, school data would be harder to ransom. But it could still be easily stolen. With a faster paced society comes these sorts of evils. We need modern humans to participate in our modern technologies, but we are still the same unenlightened goons from the Neolithic.
The same kind of a-holes that don’t “steal” it, but tell you they will take it in their terms and conditions.
[…] Steven Singer asks, “What kind of a—hole ransoms school data?” The a—holes we allow to get away with it. […]
[…] WHAT I LIKE ABOUT IT: Ed tech companies are seen for the danger they bring to education. Students are protected from having their entire lives impacted by the choices of ignorant school administrators or school […]
[…] is valuable information about one of the most lucrative demographics in the marketplace. Companies use it to help sell products targeted directly to consumers. And they can even sell […]