Baltimore Schools Ransomware Attack Recovery Status Update
A ransomware attack against Baltimore County Public Schools has triggered a multi-day malware recovery effort, and schools will be closed on November 30 and December 1, district officials have announced.
Baltimore County Public Schools (BCPS) is the nation’s 25th largest school district. BCPS educates more than 115,000 students in 175 schools, centers, and programs in Maryland.
The Baltimore County Police Department is working with the FBI and the Maryland Emergency Management Agency (MEMA) to investigate the ransomware attack. BCPS did not mention whether it has hired MSSPs (managed security service providers) or third-party forensics investigators to assist with the investigation and recovery. BCPS also did not disclose the hackers’ ransom demands or whether the district paid the extortion fee.
School districts remain prime targets for attack. Indeed, a September 2020 ransomware attack against Clark County School District (CCSD) in Las Vegas ultimately triggered a data breach involving Social Security numbers, student information and other private information.
Baltimore County Public Schools: Ransomware Attack Timeline
Here’s a timeline of the Baltimore County Schools ransomware attack and associated recovery effort:
- Wednesday, November 25, 9:26 a.m. ET: Baltimore County Public Schools (BCPS) confirms it suffered a ransomware cyberattack. The attack “caused systemic interruption to our network information systems,” the district says, while urging users not to use BCPS-issued devices.
- Wednesday, November 25: BCPS holds a press conference offering some basic information about the attack.
- Friday, November 27, 5:58 p.m. ET: BCPS describes the attack as “catastrophic” and vows to share daily updates at 4:00 p.m. ET.
- Saturday, November 28, 4:00 p.m. ET: Amid the continuing IT outage, BCPS says schools will be closed for students on Monday, November 30, and Tuesday, December 1. BCPS offices will be open and staff will receive additional information about Monday and Tuesday.
- Sunday, November 29: The district website says staff and students may now use their personal devices to access virtual learning and other tools. However, all users should “continue to avoid using Baltimore County schools devices to access City Schools resources. You may use asynchronous online platforms that we know are secure, such as iReady, Imagine Math, Amplify online, etc.”
Baltimore County and Baltimore City: Background and Previous Attack
Baltimore County borders Baltimore City, but the two areas are separate municipalities, several readers point out. And while Baltimore County schools suffered a ransomware attack this time around, the city of Baltimore suffered its own RobbinHood (aka RobinHood) ransomware attack in May 2019.
In that attack, cybercriminals demanded about $100,000 in Bitcoin to unlock hijacked files; they also shut down most of the city’s servers and some government applications.
Amid the fallout, the Baltimore Board of Estimates in October 2019 approved the city’s purchase of $20 million in cyber liability coverage. Baltimore officials previously discussed buying cyber insurance in August after cybercriminals launched a ransomware attack against the city earlier in the year.
Ransomware Attacks Target MSPs, IT Service Providers
Meanwhile, data center providers and MSPs remain prime targets for ransomware attacks, since their systems often host or interconnect to numerous end-customer systems. Many of the attacks involve stealthy approaches that hide from anti-virus tools, Huntress Labs recently reported.
The U.S. Secret Service has warned IT service providers and consulting firms about ongoing cyberattacks. The warning indicated that threat actors are increasingly targeting point-of-sale (POS) systems and performing business email compromise (BEC) and ransomware attacks.
Recent MSP and IT consulting ransomware attack victims include:
- Cognizant, which suffered $50 million to $70 million in lost revenue related to the attack;
- Xchanging, a DXC Technology subsidiary;
- Collabera, an IT staffing firm;
- Orange Business Services, a major telecom service provider and Top 200 MSSP; and
- Telecom SA, the largest telecom company in Argentina.
How MSPs Can Mitigate Ransomware Attack Risks: To safeguard your MSP business and clientele from ransomware attacks, follow this tip sheet.