Ransomware Reference Materials for K-12 School and School District IT Staff

Best practices for school and school district cybersecurity managers, system administrators, and other technical staff to enhance their school and/or district's security posture during distance and hybrid learning conditions.

  • Webinar: K-12 Education Leaders’ Guide to Ransomware: Prevention, Response, and Recovery
    • Co-hosted by CISA and the National Cyber Security Alliance (NCSA), this webinar, moderated by Kelvin Coleman, Executive Director, NCSA, features a discussion with Bridgette Walsh, CISA Acting Deputy Assistant Director, Stakeholder Engagement, and Ryan Kalember, Executive Vice President, Proofpoint, Inc. The panel focuses on the evolving K-12 ransomware threat landscape, some common attack vectors, and resources available to our schools to prevent, respond to, and recover from a ransomware incident. 
  • Alert (AA20-345A): Cyber Actors Target K-12 Distance Learning Education to Cause Disruptions and Steal Data
    • Numerous reports of ransomware attacks against kindergarten through twelfth grade (K-12) educational institutions continue to be reported to CISA, FBI and the Multi-State Information Sharing and Analysis Center (MS-ISAC). According to MS-ISAC data, the percentage of reported ransomware incidents against K-12 schools increased at the beginning of the 2020 school year. In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. In response to this ransomware threat and other malicious cyber activity (such as data theft and disruption of distance learning), CISA, the FBI, and the MS-ISAC published a joint advisory that provides an assessment on recent attempts of malicious cyber actors to target K-12 educational institutions and how to mitigate these cyber-attacks. 
    • Fact Sheet: Cyber Threats to K-12 Remote Learning Education 
  • Secure Video Conferencing for Schools
    • CISA is providing a videoconferencing product for school district and campus IT administrators and staff charged with securing their IT networks, as well as end users such as teachers to help them think through cybersecurity issues. A Tip Sheet provides guidelines to keep schools, staff, and students safe.

Victims of ransomware should report it immediately to CISA at www.us-cert.gov/report, a local FBI Field Office, or Secret Service Field Office.