Iowa’s largest school district confirms ransomware attack, data theft

Des Moines Public Schools, Iowa’s largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023.

While the school district also received a ransom demand following the attack from an unnamed ransomware group, the ransom has not been paid.

Almost 6,700 individuals whose data was affected in the resulting data breach will be contacted this week with details regarding what personal information was exposed.

“The cyberattack against DMPS included a ransom demand. No ransom has been or will be paid in response to this attack based on the advice of our cybersecurity experts and what is in the best interest of the school district and community,” Des Moines Public Schools said.

“As a precautionary measure, potentially impacted individuals are being offered complimentary credit monitoring services. The letter also includes information for recipients on how they can place a fraud alert on their credit file, place a security freeze on their credit file, and obtain a free credit report.”

Following the January ransomware attack, the school district canceled all classes for several days starting January 10, after internet and network services were also taken offline during the incident’s investigation.

Des Moines Public Schools system employs over 5,000 staff members and enrolls over 31,000 students from preschool to high school across more than 60 schools.

​Various other Iowa school districts, such as the Cedar Rapids Community School District, the Davenport Community School District, and the Linn-Mar Community School District, have also been hit by ransomware last year, according to a Des Moines Register report.

Emsisoft threat analyst Brett Callow recently said that ransomware groups had hit at least 37 K-12 school districts in the United States since the start of the year.

According to Emsisoft, 2022 year saw 89 ransomware attacks targeting organizations in the U.S. education sector. Among these, 44 attacks affected universities and colleges, while 45 targeted school districts. In at least 58 of these incidents, the attackers also managed to steal data from victims’ networks.

One notable victim was the Los Angeles Unified School District (LAUSD), the second-largest school district in the country. The Vice Society ransomware gang claimed responsibility for the attack and released the stolen data a month later.

Significantly, the LAUSD breach coincided with a joint advisory from the FBI, CISA, and MS-ISAC, warning that U.S. school districts were increasingly becoming targets of the Vice Society ransomware gang.

In November 2021, multiple U.S. senators urged the U.S. Departments of Education and Homeland Security to strengthen cybersecurity protection in K-12 schools in response to the escalating wave of ransomware attacks.

Attacks on educational institutions have severely affected their day-to-day operations, including canceled school days, disrupted exams, no or restricted access to data and networks, as well as the compromise of personal information belonging to students and school staff.

Source: https://www.bleepingcomputer.com/news/security/iowas-largest-school-district-confirms-ransomware-attack-data-theft/