Cyber attacks on schools: How Metro Detroit districts must prepare

Hackers grab control of district systems, data, then demand ransom

It’s a problem across the country, including right here in Metro Detroit.

School districts are being targeted by hackers. The cyber attacks can shut down systems, lead to leaked personal information, and leave some schools paying hefting ransoms.

Cyber attacks on schools skyrocketed during the pandemic, striking everywhere from UCLA to school districts in Broward County, Florida, Toledo and Metro Detroit. Unfortunately, there is no sign hackers are going to stop.

“You’re talking about 5 to 12-year-olds and shutting down their learning?” said Jeff Pelzel, superintendent at Newhall School District in Santa Clarita, California.

Newhall is a small school district just outside Los Angeles. Its students and teachers were locked out of payroll, grades and lesson plans for nearly two weeks as hackers demanded money. The superintendent admits they did not have a cyber attack response plan.

“I don’t think most school districts have that in place. They have it around, you know, like earthquakes and school shootings and that kind of stuff. But I don’t think most have a response manual connected to ransomware attacks,” said Pelzel.

Scott Bailey, a managing partner with N1 Discovery in Troy, Mich., said districts have to understand this isn’t going to get better unless they are prepared. His company helps districts with cyber security.

“School districts just have to realize that this is a significant issue, it’s not going to go away,” said Bailey.

Cyber attacks on schools jumps

Cyber attacks on U.S. schools hit a record 408 in 2020. Kindergarten Through Twelfth Grade Security Information Exchange (K12 SIX) is a non profit that tracks the incidents. They believe that number is much higher since many cases go unreported.

“Our schools in the state of Michigan are not exempt,” said Bailey. “And we’ve already assisted several schools that have been breached. The hackers did get in and they were exfiltrating data about the students. In some cases there’s ransom involved in other cases it’s not, they’re just in there to steal the data.”

In 2020, Walled Lake Consolidated Schools had a system outage linked to a cyber attack. The district kept it from affecting virtual learning.

Moreover, the FBI investigated a cyber security attack on Monroe Public Schools this past June. It initially impacted the district’s phone system, software tools and google products.

“From the hackers’ perspective, they don’t care where you are, they just attack, they find a vulnerable system and they go after it,” said Bailey.

Bailey said hackers can get into a system and be there for days, even weeks, grabbing data. Then they launch a ransomware attack.

“Now you have a double pain point, right -- the systems are down, you cannot operate your school, but I as the hacker also have all of your data, and if you don’t pay the ransom, I’m going to publish,” said Bailey.

Schools are urged to double down on security right now:

  • Block access to suspicious websites
  • Regularly change all passwords
  • Teach students and staff email security basics
  • Back up all systems off-line
  • Never skip a security update
  • Hire a cyber security team if you can

Bailey said the start of the school year is often when hackers strike when they know school is up and running and districts don’t want it disrupted.

More information: The K-12 Cybersecurity Resource Center

About the Author:

Karen Drew is the anchor of Local 4 News First at 4, weekdays at 4 p.m. and 5:30 p.m. She is also an award-winning investigative reporter.