Universities, K-12 schools still recovering from cyber incidents over holiday season

Universities and grade schools across the world have dealt with cyber incidents and ransomware attacks over the last month as hackers targeted lightly-staffed IT teams over the holiday season.

On Thursday, Memorial University in Newfoundland warned that a cybersecurity incident announced on December 31 would cause issues for “at least a few weeks.”

The school, which serves more than 19,000 students, had to push back the winter semester start date for both in-person and remote classes at one campus to January 8.

“Priorities such as providing laptops for faculty and staff and securing internet and Wi-Fi hotspots are being addressed,” officials said.

“Additional information technology (IT) personnel have arrived at Grenfell [campus] to assist with on-campus needs, while IT staff in St. John’s are also working with their colleagues to support the needs at Grenfell Campus.”

The school said it is working to bring WiFi access back to dorms now that nearly half of all students have moved in. But everything from payment terminals at the campus bookstore to systems at the school bursar’s office have been affected, forcing everyone to use cash.

According to school officials, law enforcement in Canada was notified of the incident as soon as the issue was discovered.

That attack came after several others in December affecting a wide range of universities around the world.

Tulane University said it is investigating a potential cyberattack following claims made by a ransomware gang.

“We are continuing to investigate this claim and any impact of this attack. All network systems are currently operating as normal,” a Tulane spokesperson told Recorded Future News.

The Meow ransomware gang said it attacked the university, which has more than 14,000 students, last month. If confirmed, the ransomware attack would be at least the 78th incident in 2023 involving a post-secondary school in the U.S. — a new record, according to Emsisoft threat analyst Brett Callow.

The Meow ransomware gang is a relatively new operation that researchers are still examining. The group took credit for an attack on Vanderbilt University Medical Center late last month.

Hackers also targeted Kaunas University of Technology in Lithuania last month.

In multiple advisories, the school said it suffered a cyberattack on December 8 that disrupted dozens of systems and led to the leak of sensitive information.

“The incident may have allowed malicious persons to gain unauthorized access to the following data of University employees: name, surname, personal identification number, residential address, telephone number, e-mail address, registration number of private cars. For your security, we recommend that you treat the data as leaked,” they said in a newly released FAQ.

“The University is continuing to investigate this incident and is gradually restoring all affected systems. Additional security measures are being put in place rather than simply restoring the functionality of these systems.”

They warned employees and students that they should be vigilant in checking for attempts to misappropriate their identities or other scams.

The school has been able to restore its systems over the last few weeks and carry courses out as usual.

K-12 attacks

Hackers also set their sights on K-12 schools. This week, the BlackSuit ransomware gang took credit for a cyberattack on Kershaw County Public School District — which serves more than 11,500 students in South Carolina.

The school did not respond to requests for comment but said in a November 27 Facebook notice that it was dealing with a district-wide internet and phone outage. The issue also affected multiple digital tools used by teachers and administrators to organize lessons and more.

They were forced to hire outside cybersecurity firms to help with the recovery ,but within two days all systems were restored.

There were several other attacks on K-12 school districts in December, including ones involving Campbell County School District in Kentucky and Milton Town School District in Vermont.

Milton Town School District confirmed in a public notice that it was dealing with a ransomware attack that encrypted and locked many of their files.

The school worked with the U.S. Cybersecurity and Infrastructure Security Agency as well as local and state-level officials to recover from the incident, which began on December 11.