Federal agencies warned ransomware attacks against schools may increase this school year, in a joint cybersecurity advisory issued Tuesday.
Attacks may increase as the school year begins “and criminal ransomware groups perceive opportunities for successful attacks,” said the advisory issued by the FBI, the Cybersecurity and Infrastructure Security Agency and the Multi-State Information Sharing and Analysis Center.
“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cyber criminals can still put school districts with robust cybersecurity programs at risk,” the advisory warns.
“K-12 institutions may be seen as particularly lucrative targets due to the amount for sensitive student data accessible through school systems or their managed service providers,” it said.
The agency recommends mitigating actions including encrypted backups, a review of third-party vendors’ security, a recovery plan and multifactor authentication, among other measures.
On Wednesday, Reuters reported that the Los Angeles Unified School District, the second largest group of public schools in the United States, said it was targeted by a ransomware attack over the Labor Day weekend that caused “significant disruption” but did not lead to classes being canceled.
The district said while schools remained open on Tuesday, business operations might be delayed or modified.
The district did not specify what information, if any, was breached.