Tennessee school hit with ransomware as gangs ramp up attacks ahead of new academic year

Ransomware gangs are accelerating their attacks against educational institutions as schools prepare to reopen, with the K-12 school for Cleveland, Tennessee telling parents and administrators this week that it is dealing with a ransomware attack.

A spokesperson for the school did not respond to requests for comment but local news outlets reported that officials with Cleveland City Schools are in the process of addressing a ransomware attack that began on Tuesday.

"Our district, like many others nationwide, is dealing with a ransomware incident. It’s important to note that this incident only affected some of the devices within our network," district spokesperson Caroline Corrigan said in the letter, according to ABC News9.

The attack follows one on Prince George's County Public Schools — one of the largest school districts in the United States — which announced on Monday that it discovered a cyberattack on its network. The Akira ransomware gang also added two primary schools to its list of victims on Thursday. Even a school in Switzerland was attacked on Thursday.

"The majority of Cleveland City Schools' devices used by our students, faculty and staff remain operational,” Corrigan said. “The affected devices constitute less than 5% of all devices connected to the network.”

The school opened its doors for students on August 9. No ransomware group has taken credit for the attack.

School officials denied that any student or faculty data had been accessed during the incident. Cleveland City Police Department and the Department of Homeland Security are now involved in the investigation, the letter said.

Cleveland is a city of nearly 50,000 people about 45 minutes away from Chattanooga near the state’s border with Georgia.

The school noted that it will not shut down to deal with the attack and in-person classes will continue.

Analysts tracking ransomware incidents typically see increases in attacks at pivotal times for schools – either at the end of the school year when administrators need technology to conduct final exams or at the beginning of the year.

The timing of attacks is intended to force schools into paying, with ransomware gangs knowing schools will need technology.

The issue has gotten so dire that the White House convened a meeting last week that laid out dozens of initiatives several government agencies plan to take to better protect schools across the U.S.

Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, told a crowd at the Def Con security conference last week that K-12 schools were one of a small group of organizations the agency planned to focus their efforts on protecting due to the increase in attacks.

Ransomware attacks on schools also have long-lasting effects. Several incidents over the last year have led to gangs leaking sensitive mental health records of students and a June ransomware attack in Colorado leaked the personal information of every student who attended Colorado public schools between 2004 and 2020.