Hackers are targeting kindergartens for profit, warns government

Kindergartens and elementary schools struggling to educate children amid sustained coronavirus-induced remote learning can officially add a new woe to their list: hackers.

The U.S. government on Thursday issued a statement warning that criminals are specifically going after schools' distance-learning programs. And while this fits a well-established pattern, the latest alert from the Cybersecurity & Infrastructure Security Agency (CISA) makes it clear that it's no longer just colleges and universities that need to be on their guard.

"The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance-learning services," reads the statement. "Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year."

Ransomware, which over the course of the past several years has ground businesses and infrastructure to a halt across the globe, works by encrypting a target's files and demanding some form of payment — often in the form of cryptocurrency — to decrypt those files. That hackers have now moved from corporations to kindergarten, elementary, and high schools likely reflects those organizations' comparatively lax cybersecurity combined with educators' increased dependence on digital tools.

With so many working and learning from home thanks to the coronavirus, it follows that schools might be more willing to pay up should they lose access to the tools making remote learning possible.

"In these attacks, malicious cyber actors target school computer systems, slowing access, and — in some instances — rendering the systems inaccessible for basic functions, including distance learning," reads the CISA alert.

Notably, in a twist reminiscent of the Maze ransomware crew, hackers are doing more than just encrypting target schools' files.

"Adopting tactics previously leveraged against business and industry, ransomware actors have also stolen — and threatened to leak — confidential student data to the public unless institutions pay a ransom," cautions CISA.

This already troubling threat becomes doubly so when we're talking about children's personal info. In September, the Wall Street Journal reported that Las Vegas' Clark County School District students had their private data leaked after the district refused a ransomware demand for payment.

SEE ALSO: Zoom deceived users about the privacy of their calls, FTC alleges

And it's not just ransomware and data leaks that schools have to worry about. The CISA report also notes that DDoS attacks against schools are a continued threat — rendering remote-learning software temporarily unusable in the process.

As the school year drags on with, for many students, no end to remote learning in sight, the issue of cybersecurity vulnerabilities derailing eduction is likely to remain. Hopefully school districts, and the IT professionals they work with and rely on, take CISA's warnings seriously — before ransomware becomes as entrenched as the snow day.