Feb 1, 2023 - Technology

Two U.S. school districts hit with ransomware attacks this week

Illustration of a group of computers featuring chalkboards with equations on them

Illustration: Sarah Grillo/Axios

School districts in Tucson, Arizona, and Nantucket, Massachusetts, are responding to ransomware attacks on their networks this week — with at least one district canceling classes as it mitigates the impact.

Driving the news: Schools in Nantucket are closed Wednesday as the district works to understand the scope of a ransomware attack that hit their computers.

  • The district also ended the school day early on Tuesday after the attack compromised the school system's computers, according to the Nantucket Current.
  • The Tucson Unified School District — the largest school district in southern Arizona — said Tuesday night that it's been responding to a "data security incident" since Monday, but that schools are still "fully functioning." Local news reports indicate the incident is a ransomware attack.

The big picture: Schools have been near constant ransomware targets for years due to IT budget constraints and a lack of dedicated resources.

  • The Cybersecurity and Infrastructure Security Agency released a plan last week to help K-12 schools strengthen their cybersecurity regimes, accounting for the resource and budget hurdles districts tend to face.

By the numbers: Nantucket Public Schools is the fifth school district to be struck by ransomware this month, according to Emsisoft threat analyst Brett Callow.

  • Emsisoft estimates that 45 schools districts contended with ransomware in 2022.

Details: Ransomware gang Royal is likely behind the attack in Tucson, according to a copy of the ransom note obtained by local TV station KOLD News. But it's still unclear who is behind the Nantucket schools attack.

  • In Nantucket, the district has told staff and students not to use any school-issued devices because "they could compromise home networks," the Nantucket Current also reported. The district has more than 1,700 students.
  • In Tucson, most administrative staff worked from home earlier this week after the attack crashed school WiFi networks, per the Arizona Republic.

Sign up for Axios’ cybersecurity newsletter Codebook here.

Go deeper