Colleges and schools across US dealing with ransomware incidents, cyberattacks

Thousands of students at several U.S. schools started the week feeling the impact of ransomware attacks and other cybersecurity incidents.

Bluefield University — a private Baptist school in Bluefield, Virginia serving about 1,000 students – published a statement on Sunday announcing that their systems “have been shut down for an unknown period of time due to a recent cybersecurity attack.” Two hours away across the border in West Virginia, BridgeValley Community and Technical College said it continued to deal with a ransomware attack that is now believed to be the work of the Akira cybercrime gang.

Meanwhile, Penncrest School District — which serves thousands of students in Crawford County, Pennsylvania — announced a ransomware attack over the weekend that disrupted their systems, while Nashua School District in New Hampshire said it was investigating a cyberattack.

The attacks continue a trend in 2023 of ransomware gangs targeting small colleges and K-12 institutions with cyberattacks. Just last week, Truman State University in Kirksville, Missouri said it is in the process of recovering from a “cybersecurity virus attack” that forced it to shut down the campus network and order all school-issued devices to be turned off.

Administrators at Bluefield University said they decided to shut down their systems “in an effort to maintain system integrity during the investigation and remediation process.”

"Bluefield University is actively assessing the situation and is in contact with professionals throughout this process," said spokesperson Joshua Cline.

"At this time no member of the campus community should access campus systems, including e-mail, until notice is provided. Updates to the campus community will be provided via RAMAlert text or social media pages as they are unaffected."

The statement notes that students are in the middle of final exams and that commencement was planned for May 6. All exams scheduled for Monday were postponed and faculty was urged to contact senior school leadership for more information.

The school did not respond to requests for comment about whether it was a ransomware attack.

On Monday, the Akira ransomware gang claimed it was behind the attack on BridgeValley, but did not say how much data was stolen. The school confirmed the incident in a statement on Twitter, writing earlier in April that it was suffering from a ransomware attack on its systems.

“Everyone on campus is asked to shut down all systems,” the school said on April 4. No further updates were ever provided publicly on the ramifications of the incident and the school did not respond to requests for comment.

The school, which has more than 2,000 students, told a local news outlet that they planned to notify students and employees if their investigation revealed that data was stolen.

“Small colleges and universities are unlikely to be able to invest as much in cybersecurity as larger organizations, and that means they’re merely likely to be caught in spray-and-pray attacks,” said Emsisoft ransomware expert Brett Callow.

Callow noted that data shows there have been at least 27 confirmed ransomware attacks on U.S. colleges and universities so far in 2023.

K-12 closures

In addition to the colleges that were attacked, multiple K-12 schools were attacked in recent days.

“Over the weekend, the PENNCREST School District became aware of a situation, believed to be a ransomware event, which has disrupted certain aspects of our operations,” administrators at the Penncrest School District said on Monday.

“Following our plan, we shut down and disconnected the entire network and technology infrastructure. We are now working diligently with external cybersecurity specialists to conduct a thorough forensic investigation into the nature and scope of the event and to securely restore operations.”

The district went on to say that the investigation is still in “its very early stages” but noted that the outages were affecting their internet connectivity, printers, telephones and more. A list of alternative phone numbers were provided to parents while the district worked to restore downed systems.

Penncrest School District was not the only school district dealing with a cybersecurity issue. On Sunday, the Nashua School District told local news outlets that it was hit by a "sophisticated" cyberattack that required them to hire a cybersecurity firm.

“We are working diligently to investigate the incident, confirm its impact on our systems, and securely restore functionality to our environment as soon as possible,” said Nashua Superintendent of Schools Mario Andrade in a statement.

Emsisoft’s Callow noted that At least 22 K-12 districts in the U.S. have been impacted by ransomware already this year. The districts have 499 schools between them, he added.