January 20, 2025
Let’s start with some good news: Ransomware attacks against educational institutions worldwide reportedly fell in 2024. The worse news, of course, is that education-targeted cyberattacks in general (ransomware ones included) still happen far too frequently. They’re also more brazen, not to mention sophisticated. Oh, and not every school reports attacks, which casts doubt on the supposed decline.
“Ransomware data is often difficult to track, particularly if a school or district does not disclose or confirm the incident,” K12Dive.com noted early this year. “Research tracking U.S. K-12 ransomware attacks specifically points to a general increase in incidents in recent years. In fact, the number of K-12 ransomware attacks ballooned 393% between 2016 and 2022, from 14 to 69, according to data from national nonprofit K12 Security Information eXchange. Between November 2022 and October 2024, K-12 SIX reported another 85 incidents targeting K-12 public schools.”
In the U.S., which is second only to India in number of attacks against educational institutions, the latest invasion (as of this writing) occurred at the tail-end of 2024 and was revealed early this month. In a January 9 write-up, Education Week reported that, “The K-12 software giant that runs the most commonly used student information system in U.S. schools said a data breach could have exposed the personal information of millions of students and teachers. PowerSchool, which says its suite of school software products have more than 16,000 customers that serve 50 million students in the United States, this week notified affected customers of the hack that occurred December 28.”
Here’s how it happened, as described in a letter to customers: “An unauthorized party gained access to certain PowerSchool Student Information System (“SIS”) customer data using a compromised credential.” No other products were impacted, the letter goes on to say amid a flurry of other reassurances.
“In a Thursday webinar with school district officials,” Cybersecurity Dive reported on January 10, “PowerSchool officials noted they’re still investigating how those credentials were compromised. However, it appears that the credentials were available on the dark web for a ‘period of time well before the attack,’ said Mishka McCowan, VP of information security and CISO of PowerSchool, during Thursday’s webinar.”
Education might be one of the most targeted sectors, but it’s certainly not alone where cyberattacks are concerned. Manufacturing, municipal government, banking, healthcare—they’re all, to varying degrees, sitting ducks. According to InfoSecurity Magazine, citing an analysis by Black Kite, manufacturing tops the list of industries that are especially vulnerable to ransomware attacks in particular. “The report found that manufacturing was the number one target for ransomware groups from April 1, 2023 to March 31, 2024, facing 21% of attacks (1016 out of 4893 victims). This was followed by professional, scientific, and technical services (18%), healthcare and social assistance (6%), finance and insurance (5.7%) and educational services (5.5%).
Here’s a brief rundown of vulnerabilities and recent incidents for each sector.
MANUFACTURING ATTACKS
(Sources: Msspalert.com and socradar.io)
First, some stats from the Sophos State of Ransomware Report:
- “65% of manufacturing sector organizations were hit by ransomware in 2024, up 9 percent compared to 2023.”
- “The biggest root cause for attacks was found to be malicious emails (29%), followed by exploited vulnerability (27%) and compromised credentials (25%).”
- “The sector (included under “Industrial” in the Cost of a Data Breach report) also saw the biggest jump in the average cost of a breach, going from $4.73 million in 2023 to $5.56 million in 2024.”
Major recent attacks
(click the links for full stories on each)
- Lush (UK cosmetics company): 110 GB of data stolen
- Schneider Electric: 1.5 TB of data accessed in ransomware breach
- Nissan: Data breach exposed information on over 53,000 employees
- Cencora: Data breach exposed sensitive patient data from major pharmaceutical
companies - Snowflake: A data breach that impacted hundreds of companies, including
Ticketmaster, Santander, and AT&T
GOVERNMENT ATTACKS
(Source: Cybeready.com)
- Miami, U.S., August 2024: “A cyber-attack against public services shuts down
digital systems used by the police and City Hall. Florida law forbids paying the
ransom.” - Virginia County, U.S., August 2024: “Officials hit by malware disguised as
Freedom of Information Act requests.” - Missouri, U.S., April 2024: “An attack on weather and transport systems in
Kansas took down traffic information including cameras during a dangerous
storm.”
BANKING ATTACKS
(Source: American Banker)
- LoanDepot breachimpacts 16.9 million people
- Evolve Bank & Trust breachimpacts 7.6 million people
- FBCS breach impacts 4.2 million people
HEALTHCARE ATTACKS
(Source: Hipaajournal.com)
- Change Healthcare: “A ransomware affiliate accessed the Change Healthcare
network and used ransomware to encrypt files.” - Kaiser Foundation Health Plan: “Involved the protected health information of up
to 13,400,000 individuals.” - Ascension Health: “A Black Basta ransomware attack… disrupted clinical
operations across the Catholic health system’s 142 hospitals.”
What, then, can companies, organizations and institutions do to protect their assets, employees and customers? Same as always: Take a cue from the Boy Scouts and Be Prepared. Mindsight’s team of solutions architects and cybersecurity leaders regularly host workshops and seminars on preparation and educate clients on best practices.
How quickly can you recover from an attack in the short-term? What long-term strategy should be in place to prevent other attacks? These are critical questions that require discussion, planning, and testing – not only with IT leaders, but with CEOs, HR leaders, Finance, Operations, and Communications leaders. Cybersecurity is not just an IT problem.
About Mindsight
Mindsight delivers enterprise managed services and technology solutions to the mid-market across a variety of industries including manufacturing, financial services, government, education – just to name a few. Our solution architects and engineers are 100% expert-level and work as an extension of your IT team. Mindsight is headquartered in Downers Grove, IL, a suburb of Chicago.
Mindsight is part of the ACP CreativIT Family of Technology Solution Providers