K-12 schools in Tucson, Nantucket respond to cyberattacks

Schools in Tucson, Arizona, and Nantucket, Massachusetts, are dealing with cyberattacks as U.S. schools continue to face a barrage of threats in the first weeks of 2023. 

A spokesperson from Tucson Unified School District told The Record that they “experienced a data security incident” early on Monday morning. While the district was able to continue functioning, an investigation was started and experts were hired to deal with the remediation process. 

“TUSD schools are fully functioning and students have access to the tools they need to continue their learning and stay on track. We greatly appreciate our staff working with us to develop alternative learning plans and using hotspots, as needed, until the systems are fully restored,” the spokesperson said. 

“We appreciate the patience of our community as we take essential steps to secure our network and ensure confidential information remains safe.”

The spokesperson did not respond to questions about whether it was a ransomware attack. But local news outlets reported that on Monday, staff members found a letter from the Royal ransomware group on their printers saying the district’s data had been copied, stolen and encrypted. 

Tucson Unified School District is the largest school district in southern Arizona with more than 42,000 students and about 7,000 staff members.

The local reports said the district emailed and called parents to let them know that internet and network services were down across a number of schools. The Tucson Police Department said it is assisting in the investigation. 

Disruption in Massachusetts

The incident at Nantucket Public Schools had a smaller footprint. Officials were forced to dismiss students early on Tuesday, and all student and staff devices were shut down. 

The system enrolls more than 1,700 students, according to the Nantucket Current, which noted that classes would be shut down on Wednesday as well. 

Parents were urged not to turn on any school-issued devices out of fear that home networks would be corrupted. 

The attacks come less than a month after another school district in Massachusetts, Swansea, was forced to cancel classes due to a ransomware attack. NBC10 Boston Investigators found in 2021 that at least one in six Massachusetts communities had been infected by ransomware in the past, and at least 10 paid hackers taxpayer money to unlock their files. 

Des Moines Public Schools in Iowa also had to cancel classes two weeks ago due to a ransomware attack. 

Emsisoft ransomware expert Brett Callow said 45 districts with 1,981 schools were impacted by ransomware in 2022. The attack on Nantucket is the fifth reported incident in 2023.

K-12 resources from CISA

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) released a report with recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk after dozens of crippling attacks in 2022. 

“We must ensure that our K-12 schools are better prepared to confront a complex threat environment,” said CISA Director Jen Easterly. 

“As K-12 institutions employ technology to make education more accessible and effective, malicious cyber actors are hard at work trying to exploit vulnerabilities in these systems, threatening our nation’s ability to educate our children.”

The report came with a toolkit with more materials on things school administrators can do to harden their networks. CISA said the number of K-12 cyber incidents reported between 2018 and 2021 rose each year, from 400 to more than 1,300.

U.S. Sen. Gary Peters, who wrote the law requiring the report, said K-12 schools “are increasingly targeted by criminal hackers” and noted that the attacks “put the personal information of students and staff at risk.”

We released a report and toolkit to help K-12 organizations safeguard their networks from cybersecurity threats. The report provides easy steps & resources that K-12 orgs can use to reduce their cyber risks. Download the report & toolkit: https://t.co/ccxkKIg6tF pic.twitter.com/AwMNHyf8iy

— Cybersecurity and Infrastructure Security Agency (@CISAgov) January 24, 2023

Zach Oxman, head of state, local government and education at cybersecurity firm Abnormal Security, told The Record that part of why schools are becoming more susceptible to risk is because many have migrated or are currently migrating to cloud-based email systems yet still rely on traditional solutions to protect this new environment.

"The biggest areas of exposure for public schools today comes from a mix of the massive increase in the volume of targeted attacks, the attack methods changing, and legacy methods for shielding public schools being rendered ineffective," he said, adding that limited staff and budgets are making it difficult for schools to evolve their security systems.

Cerberus Sentinel’s Chris Clements echoed that assessment, explaining that primary schools are popular targets because they typically struggle to adequately fund cybersecurity efforts and often have access to decent sums of money that hackers believe can be used for ransoms.

“This combination of extreme vulnerability and ability to pay large extortion demands creates a compelling incentive for cybercriminals to specifically target primary education institutions,” he said.