The Baltimore County Public School (BCPS) system has canceled classes after an apparent ransomware attack shut down internal networks. Described by officials as “a networking issue,” the outage is affecting the schools’ email and grading systems, among others.
BCPS chief of staff Mychael Dickerson confirmed on Twitter that the outage is believed to be the result of a ransomware attack. “We were the victim of a ransomware cyber attack,” he said. “Our BCPS technology team is working to address the situation.” Dickerson could only tweet the message since the BCPS website is currently down.
As a result of the outage, offices have been closed for the day and students have been given the day off. “We knew it wouldn’t be a quick fix,” Dickerson told The Baltimore Sun. “We just don’t want people standing by thinking we’ll get back up.”
Ransomware attacks have become a common tactic for cybercriminals, often targeting underfunded infrastructure like hospitals, schools, and municipal governments. A separate ransomware attack paralyzed Baltimore’s City government in May of last year, shutting down online systems for paying water bills and other services. Major companies like Honda, Garmin, and Canon have also been compromised by ransomware. In September, a ransomware attack on the Düsseldorf University Hospital was linked to the death of a female patient, the first death directly tied to a ransomware attack on medical facilities.
Ransomware attacks work by encrypting data on compromised networks and locking out the network operators. Criminals then ask for a ransom payment (typically in bitcoin) to restore functionality. Because the ransom is often lower than the cost of recovery, many victims simply pay the requested amount, making it an unfortunately profitable scheme. In February, a report by Emisoft estimated that US businesses paid more than $1.3 billion to resolve ransomware attacks in 2019.
Correction: An earlier version of this article erroneously attributed the Emisoft report to ID Ransomware. The report merely drew on data from the ID Ransomware product, which is maintained by an Emisoft employee. We regret the error.