The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint warning that malicious cyber actors are targeting kindergarten through twelfth-grade (K-12) educational institutions. These actors are initiating ransomware attacks, data thefts, and general disruption of distance learning efforts. The agencies expect these attacks to continue through the 2020-21 academic year.

Among other things, cyber actors have launched ransomware attacks against school computer systems, rendering them inaccessible for distance learning and other basic functions. They have also stolen and threatened to leak confidential student data and personal information unless the institutions paid a ransom. In August and September 2020, 57 percent of ransomware incidents reported to MS-ISAC involved K-12 school, compare to 28 percent of such incidents from January through July.

The joint report also notes that uninvited users have disrupted live videoconference classroom sessions in a manner similar to the “Zoom-bombing” that afflicted the early pandemic adoption of that platform. Such disruptions have included verbal harassment of participants and displaying pornography or violent images.

The agencies also warned that cyber actors could use distance learning to deploy phishing methods similar to those used against businesses. Such tactics involve tricking victims into revealing passwords, bank account numbers, or other personally identifiable information. They could also involve deceiving distance learners into performing a task, such as clicking a link that secretly downloads malware or purchasing gift cards for scammers.

As with businesses, the best defenses against these attacks remain the same. These defenses include:

  • Ensuring your software is up to date, with all the most recent patches and updates
  • Using multi-factor authentication wherever possible
  • Setting antivirus and anti-malware solutions to update automatically, to scan daily, and where possible, to actively intercept threats.
  • Ensuring users—whether educational system employees or students—know of the threats and how they are delivered
  • Ensuring users know how to react in the event of suspicious activity or a confirmed cyberattack
  • Backing up important data regularly

For more information regarding this article, please contact Sean Griffin.

For information regarding Dykema’s Privacy and Data Security Team, please contact Cindy Motley.

To sign up for Dykema’s Privacy and Data Security Blog e-mail updates, please click here.


As part of our service to you, we regularly compile short reports on new and interesting developments and the issues the developments raise. Please recognize that these reports do not constitute legal advice and that we do not attempt to cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments are always welcome. ©2020 Dykema Gossett PLLC.