Ransomware tracker: The latest figures [September 2023]

Note: this Ransomware Tracker is updated on the second Sunday of each month to stay current

With classes back in session, ransomware gangs are ramping up their attacks targeting schools.

At least 27 schools and districts were hit with ransomware in August, compared to 19 the previous month, according to data collected by Recorded Future from extortion sites, government agencies, news reports, hacking forums, and other sources. More than 400 schools were impacted by the attacks, because some incidents — like attacks targeting Prince George's County Public Schools in Maryland and Edmonds School District in Washington — involved dozens of schools that enroll tens of thousands of students.

Ransomware gangs view schools as especially vulnerable targets as they prepare to open their doors after long summer breaks. Many victims had to cancel classes or delay their start date.

Prince George's County Public Schools — one of the largest school districts in the United States with more than 130,000 students — announced two weeks before the start of its school year that it was hit by a cyberattack that caused a network outage. A Pennsylvania school district serving about 10,000 students cancelled classes for several days late last month after being hit by a ransomware attack.

Network outage update: PGCPS experienced a cyber attack on the system’s network that was detected early Monday morning, Aug. 14. An estimated 4,500 user accounts out of 180,000 were impacted, primarily staff accounts. (1/4)
— PGCPS (@pgcps) August 15, 2023

Even the University of Michigan had to sever ties to the internet after experiencing a cyberattack in late August.

The issue has gotten so pervasive that the White House held a K-12 cybersecurity summit last month where they announced a variety of new measures, including increased cybersecurity funding for schools.

“It's crystal clear: we must take cyberattacks on our schools just as seriously as we take physical attacks on critical infrastructure,” Deputy Education Secretary Cindy Marten said. “That's why, as we head back to school, it's critical we bring everyone together so we can help ensure that our schools are well equipped with the necessary guidance and also support so that we can raise awareness of this issue.”

2023_0907 - Ransomware Tracker - Victim Data Released on Ransomware Extortion Sites.jpg

2023_0907 - Ransomware Tracker - Most Prolific Groups.jpg

2023_0907 - Ransomware Tracker - Reported Ransomware Attacks on Healthcare Providers.jpg

2023_0907 - Ransomware Tracker - Reported Ransomware Attacks on State and Local Governments.jpg

2023_0907 - Ransomware Tracker - Potential Schools Impacted.jpg

Graphs from this ongoing project can be shared and reproduced with proper attribution.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Adam Janofsky

Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.