Baltimore County Schools Crippled by Ransomware Attack
Thanksgiving break is going on longer than expected for students in Baltimore County, Maryland, after a ransomware attack on the school district’s network last week affected websites, email systems, and grading systems. According to the announcement of the attack on 25 November, approximately 115,000 students would be affected by the shutdown, and there is no clear timeline for schools to reopen.
School officials said in a news conference that they are working closely with state and federal law enforcement and the Maryland Emergency Management Agency to investigate the attack, The Baltimore Sun reported.
And FINALLY looks like our system is up and running. So here's the latest: https://t.co/DmWcBtFA29
— Liz Bowie☀️ (@lizbowie) November 25, 2020
As a result of the coronavirus pandemic, all Baltimore County schools were operating remotely, with no in-person classes, making the disruption to network information systems crippling to the region. Offices are currently open, although classes are closed for students today and Tuesday.
The district advised all students, parents, and teachers not to turn on their school laptops until the scope of the attack was assessed. As of Sunday, officials had notified students and staff via Twitter that school-issued Chromebooks were not impacted, but school-issued Windows-based devices were still being assessed and should not be used.
(1/3) Our focus today and for Monday and Tuesday is identifying and addressing student and staff device needs so that instruction can continue.
— Baltimore County Public Schools (@BaltCoPS) November 29, 2020
We now know that BCPS-issued Chromebooks were not impacted by the cyber attack.
The shutdown is the latest in a line of ransomware attacks targeting cities or government infrastructure. In May 2019, the City of Baltimore was hit by a ransomware attack that crippled the city’s 7,000 users. City officials refused to pay the ransom (approximately $100,000) and were forced to painstakingly restore its systems and investigate the attack—an effort that had cost nearly $18.2 million as of September 2019.
Schools in particular have been hard-hit this year. The FBI released a security alert in July 2020 for K-12 schools, warning about an increase in ransomware attacks. The warning was warranted.
From July through September, at least 16 U.S. school districts were victimized by a ransomware attack, according to GCN. In September, one of the largest public school systems in Connecticut was forced to delay its first day of classes after a ransomware attack affected two-thirds of the city’s servers.