2020 Ransomware Attacks on U.S. Educational Institutions

Alagen Security Professionals

Ransomware is known to be one of the biggest threats in cybersecurity, and educational institutions are frequently victims of this type of attack. In fact, we’ve seen a steady stream of them being publicized, particularly as remote learning practices expand in response to COVID-19. So, we’re compiling an ongoing list of 2020 attacks on US schools as an awareness resource for the education community. We will continue to update this page throughout the year as we become aware of additional attacks.

Want to know more about ransomware? Our free ransomware guidebook is the high-level, comprehensive resource you need. Learn what ransomware is, how it works, some guidance to help you defend against it, and your options following an attack.

At Alagen, we have a dedicated service for ransomware preparedness. This ransomware-focused assessment gauges security posture against best practices and provides a strategic roadmap so you are better prepared to prevent, contain, and recover. Contact us to learn more about this efficient and effective service.

Institution: Baltimore County Public Schools, Maryland
Date of Attack:
School closed for 115,000 students as a ransomware attack hit all network systems including the district’s website, email system and grading system. The school system had to move to Twitter and robocalls to inform its community about the attack. As of November 30, they hope to return to class within days and have the network restored within weeks.
Learn More

Institution: Newall School District, California
Date of Attack: 09.13.2020
Details: Classes in the Newall School District have come to a halt for about 6,000 elementary students after a weekend ransomware attack took down computer systems. The district provided temporary pen-and-paper lessons for independent learning as they figured out how to move forward from the cyber attack.
Learn More

Institution: Fairfax County Public Schools, Virginia
Date of Attack: 09.11.2020
Details: FCPS, the largest school district in Virginia, learned that they were the subject of a ransomware attack conducted by cyber-crime group MAZE. The group sent a zip file of 2% of the data they claim to have stolen as evidence of possession. This story is ongoing.
Learn More

Institution: Hartford Public Schools, Connecticut
Date of Attack: 09.2020
Details: Hartford Public Schools were forced to postpone the first day of the 2020-2021 school year after a ransomware attack crippled the city’s ability to provide bus services to 4,000 students. The attack was likely an attempt to negotiate a large ransom with the city. The governor stated that it is a harsh reality that cyberattacks have not gone away despite the coronavirus crisis.
Learn More

Institution: Selma Unified School District, California
Date of Attack: 08.28.2020
Details: The district IT team had to take down its entire network and cancel virtual classes after a ransomeware attack disrupted the use of programs for online instruction. Everything was back up and running by the following week and no ransom was paid.
Learn More

Institution: University of Utah, Utah
Date of Attack: 07.19.2020
Details: The University was the subject of a ransomware attack that affected about 0.02% of the data on their computing servers. While they had backups to restore some of the encrypted data, the school chose to pay the ransom of $457,059 through their cyber insurance provider in an effort to prevent information from being released on the dark web.
Learn More

Institution: University of California – San Francisco, California
Date of Attack: 06.01.2020
Details: UCSF paid a ransom of $1.14 million after an attack group of data hackers, known as NetWalker, encrypted valuable academic files in a string of attacks this week. They were able to negotiate the ransom down from $3 million after explaining the devastating financial impact from coronavirus on the University this year.
Learn More

Institution: Columbia College, Illinois
Date of Attack: 05.30.2020
Details: NetWalker data hackers launched a ransomware attack on Columbia College and threatened to expose highly sensitive data, such as social security numbers, unless a ransom demand was met. It is not noted whether or not they paid the ransom.
Learn More

Institution: Michigan State University, Michigan
Date of Attack: 05.27.2020
Details: Another NetWalker ransomware attack targeted MSU. While the University was confident in restoring from backups, they were worried about their obligation to prevent a data leak that NetWalker in particular is capable of. Despite threats to release student records and financial documents, MSU refused to pay the ransom.
Learn More

Institution: Mitchell County Public Schools, North Carolina
Date of Attack: 03.27.2020
Details: Hackers were able to infiltrate Mitchel County district’s network and demand payment in cryptocurrency. While the district lost access to some documents and data, students were still able to access remote learning during remediation.
Learn More

Institution: Burke County Schools, North Carolina
Date of Attack: 03.08.20
Details: Two weeks before COVID school closings, Burke learned that it was the subject of a ransomware attack, delaying the start of remote learning by two weeks. The district’s technology team worked around the clock in tandem with cybersecurity experts to contain the attack and prevent further incidents. They were not allowed to share any other details of the attack.
Learn More

Institution: Fort Worth Independent School District, Texas
Date of Attack: 03.02.2020
Details: The malware attack on Fort Worth ISD followed a series of attacks on other Texas school districts and towns the previous year. No personal or financial information was disclosed, but the district was forced to function without technology while systems were cleaned and restored.
Learn More

Institution: Three Rivers College, Missouri
Date of Attack: 03.2020
Details: The ransomeware attack at Three Rivers College caused a shut down of most operations, including most classes. The college worked with a third-party vendor to deal with the issue and safely and securely restore every impacted system. Fortunately, there was no evidence that data was stolen or misused.
Learn More

Institution: Spartanburg School District One, South Carolina
Date of Attack: 02.26.2020
Details: The ransomware attack on Spartanburg County school district shut down computer systems for three days. By the following week, internet connectivity and network access was back up and running. Although there was no evidence of a data breach, the district received criticism for not notifying parents immediately.
Learn More

Institution: Gadsden Independent School District, New Mexico
Date of Attack: 02.24.2020
Details: For the second time within a year, Gadsden school district was compromised by Ryuk ransomware, forcing all internet and communication systems to shut down. They opted not to interact with the hackers and worked to clean and restore their systems instead of negotiating a ransom.
Learn More

Institution: Butler County Community College, Pennsylvania
Date of Attack: 02.20.20
Details: BC3 datacenter servers were hit by an attach with the sole intent of encrypting files and disabling critical systems in order to force a ransomware payment of $147,000. It is unknown whether they paid the ransom as they filed a claim through their insurance company.
Learn More

Institution: South Adams School District, Indiana
Date of Attack: 02.19.20
Details: This ransomware attack took place overnight and required a third-party cybersecurity firm to secure the network and restore from backups. The attack did not affect classes, but the district’s heating systems and security cameras were shut down for a short time.
Learn More

Institution: Niagara University, New York
Date of Attack: 2.12.2020
Details: Niagra University was hit with an attack that locked down some email servers and the school’s internet. The school’s operations were
Learn More

Institution: Nacogdoches Independent School District, Texas
Date of Attack: 02.11.2020
Details: This attack forced the Nacogdoches school district to shut down the entire computer network in an effort to minimize damage. Files contained on the districts’ PCs were affected.
Learn More

Institution: Havre Public Schools, Montana
Date of Attack: 02.2020
Details: The Havre school district was hit by Ryuk ransomware linked to Russian cyber criminals. The ransom was so terribly high (in the millions!) that paying was not an option. Fortunately, by the end of the week, they were able to restore their systems from backups.
Learn More

Institution: Mountain View Los Altos Union High School District, California
Date of Attack: 01.29.2020
Details: MVLA was the victim of a Sodinokibi ransomware attack that locked some teachers and staff out of their computer files, as well as disrupted the district’s phone system. Unfortunately, the district was just a few weeks short of a planned upgrade to its phone systems and had already begun looking at upgrading the network. MVLA’s cybersecurity insurance covered the related damages beyond the $50,000 deductible.
Learn More

Institution: ITI Technical College, LA
Date of Attack: 01.28.2020
Details: A ransomware attack hampered operations at ITI Technical College, with the VP stating that they would not be paying a ransom. The attack began as a phishing email received by an administrative employee.
Learn More

Institution: Lakeland Community College, Ohio
Date of Attack: 01.2020
Details: The school fell victim to a ransomware attack by a criminal group known to publish the stolen data online, unless the victim pays a ransom. Although there was no evidence that Lakeland’s data had been misused, they offered any potential victim an identity theft solution, as well as outlined precautionary measures victims can take to protect their information. They were able to restore all encrypted data and there has been no mention of a paid ransom.
Learn more

Institution: Panama-Buena Vista Union School District, California
Date of Attack: 01.09.2020
Details: The FBI advised PBVUSD not to pursue any link or email that contained the ransom demand. Instead, the district had strong backups to restore from. Disturbance to the internet, phones, Microsoft programs, report cards, and digital paychecks affected the district’s 23 schools.
Learn More

Institution: Pittsburg Unified School District, California
Date of Attack: 01.2020
Details: Pittsburg Unified School District was struck by ransomware during winter break. School was able to reopen as planned and students were able to continue learning without computers or internet.
Learn More

Become an Insider

Subscribe today to our free eNewsletter for security insights, exclusive invitations, and more.

Alagen Cybersecurity Solutions

Your ace in the cybersecurity foxhole. Follow us on all your social media platforms.


Become an

Alagen Insider

Subscribe today to our free eNewsletter for security insights, exclusive invitations, and more.

© 2020 Alagen, LLC. All rights reserved.