Ransomware discovered in school system computer networks in Cleveland, Tennessee, has affected some devices, though most equipment on the system is working as officials probe what happened.
The ransomware incident came to school officials' attention Tuesday, according to a Cleveland City Schools news release.
"The majority of Cleveland City Schools' devices used by our students, faculty and staff remain operational," district spokesperson Caroline Corrigan said Tuesday in the release and statement to parents. "The affected devices constitute less than 5% of all devices connected to the network."
Sensitive information is secure off-site, and "there is no indication of any compromise to student, faculty or parent data," the statement said.
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable, according to the U.S. Cybersecurity and Infrastructure Security Agency. Malicious actors then demand ransom in exchange for decryption.
Ransomware actors often target and threaten to sell or leak illegally obtained data if the ransom is not paid. In recent years, the agency said, ransomware incidents have become increasingly prevalent among state and local government entities and critical infrastructure organizations, and schools are especially vulnerable.
"Schools are a target for cyberattacks because they hold valuable information such as staff and student personal data, but school districts often lack resources to build a comprehensive cybersecurity program," agency Stakeholder Engagement Division Assistant Director Alaina R. Clark said in an Aug. 10 statement on cybersecurity efforts launched with the new school year. "The recent expansion of school networks that was essential to providing remote learning during COVID-19 has left many K-12 schools 'target rich, cyber poor.'"
On Aug. 10, the White House held its first-ever cybersecurity "summit" on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports.
K-12 schools are in the crosshairs, according to Clark.
"For K-12 schools, cyber incidents are so prevalent that, on average, there is more than one incident per school day," Clark said.
The federal agency offers schools resources and a toolkit for dealing with the problem using recommended response plans and safety measures.
A similar cyberattack at Chattanooga State Community College in June compromised the personal information of 1,244 people, the majority of whom had taken the GED test at the college's testing center in 2012 and 2013, school officials said at the time.
The college chose not to engage with the attackers on advice from the FBI, Tennessee Board of Regents and cybersecurity experts, school spokesperson Nancy Patterson said in June. The school responded in part by providing free credit monitoring from Equifax for one year to those affected by the attack.
Officials in Cleveland, meanwhile, are addressing the attack and getting the school year off to a good start.
"Our technology team is working tirelessly to ensure the integrity of our systems and data," Corrigan said. "We want to emphasize that despite this challenge, our students will remain on a regular schedule. Strong backup systems are in place, and a third-party recovery company is assisting us to ensure that there is minimal disruption."
The district's cyber-incident response plan was activated as soon as an attack was detected, she said, and an investigation is ongoing.
"Cleveland City Schools is in close contact with the Cleveland City Police Department and Homeland Security to manage this situation effectively," Corrigan said. "Our district leaders will provide updates to our staff, families and community as additional information becomes available."