Reading, Writing, and Ransomware: New Attacks Greet Students

Updated Tuesday, September 3, 2019, to reflect new victims identified by Armor

As of today, Armor’s Threat Resistance Unit (TRU) security team has identified four new ransomware victims since Friday, August 30, bringing the total to 17 new ransomware victims in the past 11 days. Ten of them are school systems. Education officials across the US are dealing with a rash of ransomware attacks, just as students are settling into the new school year. The 10 school systems affected are in Connecticut, New York, New Jersey, Indiana, Washington, Virginia and Idaho. The attacks are part of an ongoing, relentless assault on critical networks and data in what’s quickly becoming “The Year of Ransomware.”

It’s interesting to note that 10 of the victims are school systems, with concentrations in Connecticut (4) and New York (3). Three of the schools have identified Ryuk as the ransomware that encrypted their files. The Rockville Center School District reported that they were initially faced with a ransom of $176,000, but their insurance company was able to renegotiate the ransom to $88,000. Rockville Center’s out-of-pocket deductible was $10,000. There is no word yet whether any other organizations have cyber insurance or plan to pay ransoms.

Since January, Armor has identified 153 ransomware victims in the U.S., including schools, municipalities, law enforcement agencies and healthcare networks. Out of the 153 victim organizations compromised by ransomware in 2019 in the U.S., educational institutions (30) make up the second largest pool of victims, after municipalities (69), followed by healthcare (26). The Dental Record/PerCSoft, which created software and back-up services for over 400 dentists, now joins a growing list of 7 managed service providers that have been attacked in 2019, including Datto, CloudJumper and iNSYNQ. These numbers only include publicly reported incidents. The number of attacks that go unreported is much higher. The FBI reported 1,493 ransomware cases last year, and anti-virus provider Kaspersky reports having tracked millions of attempted ransomware attacks in 2018.

Four New Victim Organizations Identified Since Friday, August 30, 2019

The Dental Record/PerCSoft—Milwaukee/West Allis, WI*
Temple University Health System—Philadelphia, PA
Datto—Norwalk, CT
CloudJumper—Garner, NC (May 2019)

*As many as 400 dentists have been notified

The 17 victim organizations which have publicly reported ransomware attacks in the last 11 days:

The Dental Record/PerCSoft—Milwaukee/West Allis, WI*
Temple University Health System—Philadelphia, PA
Datto—Norwalk, CT
CloudJumper—Garner, NC (May 2019)
Lake County—Crown Point, IN
Rockville Center School District—Rockville Center, NY
Moses Lake School District—Moses Lake, WA
Mineola Public Schools—Mineola, NY
Stevens Institute of Technology—Hoboken, NJ
New Kent County Public Schools—New Kent, VA
Nampa Idaho School District—Nampa, ID
Middletown Public Schools—Middletown, CT
Wolcott Public Schools—Wolcott, CT
Wallingford School District—Wallingford, CT
New Haven Public Schools—New Haven, CT
Watertown Daily Times—Watertown, NY
Hospice of San Joaquin—San Joaquin, CA

“Just like municipalities, which rely on critical systems to manage records and revenue in a community, school districts host data and systems critical to their community and its students,” said Chris Hinkley, head of Armor’s Threat Resistance Unit (TRU) security team. “Thus, hackers know that schools cannot afford to shut down, and that budgets are typically stretched thin, so they often have few security protections in place, both aspects which make them a viable target. And unfortunately, several of the previous attacks on public institutions (the Rockville Center School District, which paid out $88,000 in ransom, Riviera City, Florida which paid a $600,000 ransom and Lake City, Florida which paid $500,000 ransom), have signaled to the hackers that impacting entire communities can be very lucrative.”

 

Published Friday, August 30, 2019

Armor Identifies 13 New Ransomware Victims Including 10 Educational Institutions

Education officials across the US are dealing with a rash of ransomware attacks, just as students are settling into the new school year. Armor has identified 13 new organizations that have fallen victim to ransomware attacks, including 10 school systems in Connecticut, New York, New Jersey, Indiana, Washington, Virginia and Idaho. The attacks are part of an ongoing, relentless assault on critical networks and data in what’s quickly becoming “The Year of Ransomware.”

The following 13 organizations have been publicly reported as being hit by ransomware:

Lake County—Crown Point, IN
Rockville Center School District—Rockville Center, NY
Moses Lake School District—Moses Lake, WA
Mineola Public Schools—Mineola, NY
Stevens Institute of Technology—Hoboken, NJ
New Kent County Public Schools—New Kent, VA
Middletown Public Schools—Middletown, CT
Wolcott Public Schools—Wolcott, CT
Wallingford School District—Wallingford, CT
New Haven Public Schools—New Haven, CT
Watertown Daily Times—Watertown, NY
Hospice of San Joaquin—San Joaquin, CA

It’s interesting to note that 10 of the victims are school systems, with concentrations in Connecticut (4) and New York (3). Three of the schools have identified Ryuk as the ransomware that encrypted their files. The Rockville Center School District reported that they were initially faced with a ransom of $176,000, but their insurance company was able to renegotiate the ransom to $88,000. Rockville Center’s out-of-pocket deductible was $10,000. There is no word yet whether any other organizations have cyber insurance or plan to pay ransoms.

Since January, Armor has identified 149 ransomware victims in the U.S., including schools, municipalities, law enforcement agencies and healthcare networks. Out of the 149 victim organizations compromised by ransomware in 2019 in the U.S., educational institutions (31) make up the second largest pool of victims, after municipalities (69), followed by healthcare (25). These numbers only include publicly reported incidents. The number of attacks that go unreported is much higher. The FBI reported 1,493 ransomware cases last year, and anti-virus provider Kaspersky reports having tracked millions of attempted ransomware attacks in 2018.

“Just like municipalities, which rely on critical systems to manage records and revenue in a community, school districts host data and systems critical to their community and its students,” said Chris Hinkley, head of Armor’s Threat Resistance Unit (TRU) security team. “Thus, hackers know that schools cannot afford to shut down, and that budgets are typically stretched thin, so they often have few security protections in place, both aspects which make them a viable target. And unfortunately, several of the previous attacks on public institutions (the Rockville Center School District, which paid out $88,000 in ransom, Riviera City, Florida which paid a $600,000 ransom and Lake City, Florida which paid $500,000 ransom), have signaled to the hackers that impacting entire communities can be very lucrative.”

Publicly Reported Victims of Ransomware 2019 – Educational Institutions

Bridgeport Public Schools—Bridgeport, CT
Augustana College—Rock Island, IL
Park Rapids Public Schools—Park Rapids, MN
Taos Municipal Schools District—Taos, NM
Crosby ISD—Crosby, TX
Grinnell College in Iowa—Grinnell, IA
Hamilton College in New York—Clinton, NY
Oberlin College—Oberlin, OH
Sugar-Salem School District—Sugar City, ID
Oklahoma City Public Schools—Oklahoma City, OK
Wolcott Public Schools—Wolcott, CT
Sul Ross State University—Alpine, TX
Middletown Public Schools—Middletown, CT
Wallingford School District—Wallingford, CT
Houston County Schools—Ashford, AL
Louisiana Public Schools—Sabine Parish, LA
Gadsden Independent School District—Gadsden, NM
Lyon County School District—Yerington, NV
Monroe College—New York, NY
Syracuse City School District—Syracuse, NY
Broken Arrow Public Schools—Broken Arrow, OK
Newport Public Schools—Newport, RI
Northwest Indian College—Bellingham, WA
Glenwood School District—Glenwood, IA
Moses Lake School District—Moses Lake, WA
Mineola Public Schools—Mineola, NY
New Haven Public Schools—New Haven, CT
Rockville Center School District—Rockville Center, NY
Stevens Institute of Technology—Hoboken, NJ
Nampa Idaho School District—Nampa, ID
New Kent County Public Schools—New Kent, VA

 

Map of publicly reported US ransomware attacks January-August 2019