top of page

What K-12 Institutions Need to Know About Ransomware

On January 7, 2022, a ransomware attack on the software provider Finalsite affected over 5,000 schools, most of them in the United States. Across the U.S. approximately 8,000 schools — including boarding schools, high schools, and colleges — use the Finalsite software, which is headquartered in Connecticut. It was ransomware, which Finalsite discovered on some of its network.

Ransomware attacks successfully disrupted remote learning across the country, especially during the pandemic and remote learning. This includes a ransomware attack that forced Baltimore County Public Schools to close in November 2020. Since then, ransomware disrupted more than a thousand K-12 schools in the U.S.

These attacks have a much larger impact than disrupted learning. The platforms hold a wide variety of student data in addition to grades, including mental health data.

The rise in ransomware attacks, especially among academic institutions, is something all schools should pay attention to. Ransomware is typically spread through phishing emails and will either display an intimidating message such as: “Your computer has been infected with a virus. Click here to resolve the issue.” or no message at all, allowing the victim to believe they dodged a bullet.

Schools are often left with few options to recover their data and are recommended to pay the ransom even though doing so does not guarantee release of the files. That is why it is so important for schools to take preventive measures that help avoid ransomware in the first place. Follow these tips to increase defenses against ransomware.

Back Up Files

Backing up files is one of the best defenses against a ransomware attack. Make certain to keep an “off-site” backup that is not connected to the primary network. This way, if ransomware strikes, an ability to recover the files exists. Make certain to test backups regularly, at least twice a year. The backup files are only good if they can fully restore what's needed.

Keep Anti-Virus and Anti-Malware Software Up to Date Anti-virus software is a great tool to stop an attempted breach. It is critical, however, that the software is kept up to date to ensure protection against the latest threats is always present.

Use A Spam Filter

Spam filters detect unsolicited, unwanted, and virus-infested email and stop it from getting delivered to an email inbox. Most Internet Service Providers (ISPs) use spam filters to limit spam, but these are controlled by the ISP. An independent spam filter is an effective way to tailor risk to the institution.

Keep Your Operating Systems and Software Up to Date Ransomware takes advantage of vulnerabilities in outdated operating systems and software applications. Make certain all software is updated on a regular basis, especially operating systems, including Windows 10, and Mac OS.

Restrict Administrative Privileges

Any environment where administrative privileges are restricted is more stable, predictable, and easier to administer & support, as only a few – usually IT Support -- can make significant changes to the operating environment, either intentionally or unintentionally. If ransomware does make its way into a computer, the lack of administrative rights will limit what the perpetrator can do.

Train The Faculty and Staff Many ransomware attacks begin with a phishing email, so it’s important for the faculty and staff to remain educated on what these look like. Make sure the staff know not to open suspicious emails from unverified senders or click on unsolicited web links. Tools are available to make this job easier. Cyber insurance firms are examining the efforts institutions take to prevent ransomware and will adjust premiums accordingly.

What to Do If you Fall Victim to Ransomware

If you experience a ransomware attack you should turn off the infected computer and disconnect it from the network. An infected computer can take down all other PCs sharing the network. Then call an IT professional at once!

It is important to stay current with the various methods bad actors are using to take advantage of academic institutions. We compiled “best practices’ that succinctly help mitigate risk. Visit our blog for best our cybersecurity best practices and tips on spotting and protecting against ransomware attacks.


Roark Tech Services is constantly watching the Internet to spot scams and warn our clients. We are experts in cybersecurity and cybercrime, uniquely qualified to aid the academic community and help them stay safe & competitive. Always consult with us first. If you do not have an IT Partner that you can trust to give you the right support and advice, we would love to help. Contact us.



bottom of page