Baltimore County Public School System Cyberattack

In May 2020, Baltimore County Public School system suffered a cyber attack that caused the district to shut down its computer systems, including email and internet access. The attack was later identified as a ransomware attack, resulting in the district losing access to critical data, including student records and staff information.

The attackers demanded a ransom payment of $75,000 in bitcoin to restore access to the locked data. The district refused to pay the ransom based on advice from law enforcement authorities, and instead decided to restore its systems from backups. The recovery process took several weeks and resulted in a significant amount of data loss due to backups containing unreadable and damaged files.

On January 23rd, 2023, an Investigative Report was released to uncover its findings.
‍

The Incident, According to the Investigative Report

The breach was identified as a phishing attack via email, which was addressed to an official member of the school’s faculty.

The email impersonated a college official and contained an attached file appearing to be an invoice. The email format “seemed legitimate” as it used a recognized email address and extension. After being unable to open the attachment, the email was sent to a security contractor, who mistakenly opened the email with the attachment using their unsecured BaltimoreCounty Public School email domain account— not their secured email domain.Opening the attachment in the unsecured environment delivered the undetected malware into the school system’s IT network.

According to the report, the Baltimore County Public School allegedly ignored several recommendations made by the Maryland Office of Legislative Audits (OLA): “TheOIGE did substantiate that at the time of the cyberattack, the BCPS had not relocated their pubilcly accessible database servers as recommended buy the OLA. Following the attack, BCPS migrated its database servers into a cloud-based (encrypted) environment.

According to the report, the cost to recover from the attack, implement system upgrades, and migrate to a new platform has exceeded $9,682,437 million.
‍

Why This Matters

The incident highlights the importance of having robust cybersecurity measures in place—including regular backups—and the ability to quickly detect and respond to cyber threats. BCPS had not fully migrated to the cloud, despite recommendations from the Maryland Office of Legislative Audits.

Using the cloud can be more secure than on-premises solutions for several reasons:

1. Scalability: Cloud providers typically have large teams of security experts and invest heavily in security infrastructure. This allows them to offer a higher level of security than many organizations could afford to implement on their own.
2. Redundancy: Cloud providers often have multiple layers of redundancy built into their infrastructure, meaning that if one component fails, another can take over. This helps to ensure that data and services remain available even in the event of a security breach.
3. Regular updates: Cloud providers also regularly update their security systems and software, meaning that any vulnerabilities are likely to be patched more quickly than in an on-premises environment.
4. Compliance: Cloud providers are often required to comply with strict security standards, such as SOC 2, PCI DSS and HIPAA. This can help to ensure that sensitive data is handled in a secure manner.
5. Risk Management: Cloud providers typically offer a range of security and compliance features, such as monitoring, logging, and incident response, which can help organizations to detect and respond to security threats more quickly and effectively.
   ‍

School Systems Are a Common Target for Cyberattack

School systems are often the victim of cyber-attacks for several reasons: lack of resources, limited budgets, remote access, outdated systems, and insufficient security awareness, to name a few. They are also privy to large amounts of sensitive data which can be easily monetized by cybercriminals. We go into detail on cyber risk in the education sector, here.

ContraForce Can Help

ContraForce provides free security monitoring for anyone in the education space, including public and private K12 institutions, higher-ed, EdTech, or anything in between.Reach out to us to get started at info@contraforce.com

‍

‍