Like many school districts across the country, Baltimore County Public Schools, located in Maryland, had to accommodate virtual learning for the fall 2020 semester. However, two days before Thanksgiving, they suffered a ransomware cyberattack, causing a shutdown across their network systems.
The attack was reported to have been detected late Tuesday night on November 24th and caused the school to close the following day, which was a day earlier than initially planned. The following Wednesday morning, Darryl Williams, the school district’s superintendent, stated, “Baltimore County Public Schools has been the victim of a ransomware cyberattack. We decided to close all BCPS schools and offices today in order to assess and limit the impact of the attack.” Not only did the school district close that Wednesday, but late Sunday night, the district officials announced that schools would remain closed on the following Monday and Tuesday.
A ransomware attack is a cyber-attack that rejects user access to a system and threatens to release the victim’s information until a certain financial ransom is paid. In this situation, district officials commented that their ransomware attack caused a halt in virtual learning for their 115,000 students, denied access to district websites, emails, and grading systems. Several teachers have reported that their home computers froze and now contain many corrupted files. Needless to say, panic spread quickly among the teachers and students who feared possibly losing their data. In fact, many teachers have reported that they have lost their lesson plans along with other data.
On Sunday, before they announced an extended school closure for Monday and Tuesday, the school district informed students that the school-provided Chromebooks and Google accounts were safe to use; however, Windows devices should be avoided until further notice. Kathleen Causey, chair of the Baltimore County Public Schools, described the attack as “very disturbing.” stating that “students were relying on us to provide education and other opportunities.”
The school district officials declined to provide any specific information regarding the exact details of the attack and what demands have been made by the attacker. Jim Corns, the district’s executive director of information technology, stated that the BCPS’s data and information have not been stolen nor released, but instead, school officials have just been denied access to it. Reuven Aronashvili, founder and chief executive of a cybersecurity firm, commented on a ransomware attack’s pressure element. He explains that “ransomware mainly works on pressure elements. If you’re able to put enough pressure, someone will pay. That’s the entire business model.” An anonymous computer expert also commented on the attack by emphasizing that the attacker behind this ransomware attack had most likely been initiating and organizing their plans for weeks in order to understand the school district’s data system.
Baltimore County Public Schools announced on Monday, November 30th that virtual learning would be able to resume on Wednesday, December 2nd. However, there was a checklist that needed to be completed before online classes could begin. Most of the checklist tasks involved both teachers and students running a confidence check on their computers to ensure that their equipment was not damaged.
As education has shifted online in most schools, cyberattacks can have a powerful impact on the function of a school and disrupt education for a worrying amount of time. As we consider the current situation in Baltimore, we must reflect on how we can protect against such attacks in the future.