A ransomware attack targeting schools on the island of Nantucket, Massachusetts, forced the closure Tuesday of four establishments, counting a total of roughly 1700 students.
The district’s superintendent Elizabeth Hallett announced the decision in an email to parents and seen by Infosecurity.
“Together with outside data security experts, our Information Technology Department has been working very hard all day to restore our computers and internet service,” Hallett wrote.
“However, out of an abundance of caution, we will be canceling school tomorrow, Wednesday, February 1, for all staff and students.”
The superintendent also clarified that all athletic practices and games, the Nantucket Community Pool and the Early Childhood Center at Nantucket Elementary School had continued activities as scheduled.
According to Chris Clements, VP of solutions architecture at cybersecurity company Cerberus Sentinel, primary schools are a popular target for cyber-criminals for two reasons: the vulnerability of their IT systems and the ability to pay significant extortion demands.
“To protect their organization and students, educational institutions must adopt a culture of cybersecurity that makes prevention, detection and response a real priority,” Clements told Infosecurity in an email.
“The good news is that effective cybersecurity doesn’t require massive spends on the latest pricey tools, and organizations of any size and means can meaningfully improve their cybersecurity posture by leveraging publicly available system-hardening configurations and focusing on attack surface minimization."
At the same time, the security expert added that there is no substitute for experienced talent to continue to protect institutions over time.
“Educational systems should encourage internal IT personnel to get cybersecurity training or look for partners to augment their personnel capabilities.”
Ransomware and other cybersecurity attacks targeting the education sector are widespread phenomena. Just a few weeks ago, hackers leaked confidential data from 14 UK schools stolen during a 2022 attack attributed to the notorious Vice Society group.