Cybercrime as-a-service , Endpoint Security , Fraud Management & Cybercrime

Ransomware Attack Targets Baltimore County Public Schools

Security Incident Affecting School District's Virtual Classes
Ransomware Attack Targets Baltimore County Public Schools

Officials with the Baltimore County Public Schools are investigating a ransomware attack that disrupted virtual learning for students on Wednesday. Now, the district has been forced to call-off its virtual classes until next Monday, when children return from the Thanksgiving holiday break.

See Also: Work Smarter, Not Harder: Implementing MDR

On Wednesday, Mychael Dickerson, the district's chief of staff, confirmed via Twitter that several schools in Baltimore were affected after ransomware attackers targeted its IT systems and caused network interruption.

Speaking to the Baltimore Sun newspaper, Dickerson added the attacks led to extensive damage and severely impacted its operations.

In addition to the district, the incidents is under investigation by local and state police in Maryland as well as the FBI, officials say.

The Baltimore County Public Schools district is one of the largest in the U.S. and serves about 115,000 students across dozens of schools. The district's website also remained offline Thursday.

Although the district's schools remain shut because of the Thanksgiving break and are not physically functional due to the COVID-19 pandemic, in a separate alert, the Baltimore Public Schools noted that its virtual learning classes would be called off until Monday, the Baltimore Sun reported.

The school authorities also advised students and teachers taking virtual lessons to only use school-issued laptops and devices in the wake of the attack.

Details of the attack remain unclear, however, some teachers from an affected school noted on social media that their files were encrypted using .ryuk extension, the Baltimore Sun reported. Ryuk, is a crypto-locking malware that has been active since 2018 and has been used to target large-scale enterprise systems as well as local and state government agencies (see: Ransomware Attacks: STOP, Dharma, Phobos Dominate).

Rising Ransomware Attacks

The attacks against Baltimore County school district are the latest in a series of ransomware incidents targeting schools and universities in the U.S.

Cybersecurity experts had been predicting a spike in ransomware attacks as new hybrid learning environments go online and unpatched equipment that has spent months in the homes of students and faculty is reconnected to school networks (see: As Classes Resume, Schools Face Ransomware Risk).

In September, Hartford Public Schools in Connecticut cancelled its classes as a result of a ransomware attack. Prior to this, online instruction at Miami-Dade County Public Schools in Florida was disrupted by distributed denial-of-service attacks (see: Ransomware and DDoS Attacks Disrupt More Schools).

Since the COVID-19 pandemic started, schools in Alabama, Oklahomaand New York, and other locations, have had their operations affected by some type of online attack. According to Brett Callow, a threat analyst with the security firm Emsisoft, 78 school districts and universities have been hit with ransomware so far this year, compared to 89 in 2019.

Baltimore: Target of Interest

This is also not the first time that ransomware groups have targeted public organizations in Baltimore.

In May 2019, a ransomware attack on the city's information systems and municipal services, although the incident did not affect its 911 and 311 emergency phone systems, along with the public safety agencies.

Officials said the city was targeted by a relatively new malware called RobbinHood ransomware, although officials decided not to pay a ransom of 13 bitcoins - then worth about $100,000 for decrypting all of the files (see: Baltimore Ransomware Carnage Compounded by Local Storage).

Prior to that incident, in March 2018, Baltimore was hit by a ransomware attack that crippled the city's IT infrastructure. That attack affected the computer-assisted dispatch system, which is used to support and direct 911 and other emergency calls, Reuters reported.


About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.