Ransomware attack forces Baltimore public schools to close for 115,000+ students

Edward Kost
Edward Kost
November 25, 2020

On Wednesday 25th November, Baltimore County’s school network was penetrated by cybercriminals and held hostage in a ransomware attack.

School staff were completely locked out of the internal network forcing the school to shut its virtual doors to 115,000+ students currently attending lessons online.

The cyber attack was announced on the Baltimore County Public Schools Twitter account. The county police department is working with the state's Emergency Management Agency and the FBI to investigate and resolve the data breach.

Details of the cyber attack are being drip-fed on social media as the investigation continues.

Because the ransomware software has locked staff out of their internal systems, they can only communicate with parents and students via social media posts, and not via email.

Ransomware attackers target and encrypt sensitive data and only reverse their actions if a ransom price is paid. Because ransomware is specifically developed to contend remediation efforts, it could take anywhere between a few days to a few weeks for online classes to commence again.

It has been announced that the school will remain closed for at least the next two days.

The latest findings of the cyber attack investigation revealed that Baltimore County Public School issued Chromebooks were not impacted by the ransomware attack. Students have been permitted to use these devices and associated Google accounts.

The security status of school issued Windows-based devices is still questionable. Students are advised to refrain from using these devices until further notice.

Since August 2020, about half of U.S public school students have been attending classes remotely, with a recent increase following a spike in Covid-19 cases across the U.S. This increased dependency upon internal systems magnifies the disruption to lesson delivery when a cyber attack takes place.

The coronavirus has forced pragmatic institutions like public schools to suddenly digitize their processes. In a rush to meet this rapid requirement, many schools have likely overlooked the prevalence and risk of data breaches.

Since organizations unprepared for cyber attacks are a prime target for cybercriminals, cyber attackers will likely continue to test the security defenses of school systems in the United States and globally.

How secure is Baltimore County Public Schools?

Baltimore County Public Schools is the school district in charge of all public schools in Baltimore County, Maryland, United States.
  • Check icon
    View our free preliminary report on Baltimore County Public Schools’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
Security ratings
Abstract shape
Deliver icon

Sign up for our newsletter

Stay up-to-date on everything UpGuard with our monthly newsletter, full of product updates, company highlights, free cybersecurity resources, and more.
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Website Security scan resultsWebsite Security scan rating