Introduction
In November 2020, a school district in Baltimore, MD was the victim of a ransomware attack that has left many teachers, even those who have since left or retired, paying thousands for benefits that they’re not actually getting. This is an ongoing problem for the Baltimore County district, despite nearly a year and a half having passed since the attack.
Cybersecurity experts have been warning about the hypothetical damages that a ransomware attack might cause, from the financial aspect to how a breach affects the brand’s reputation. We’ve even mentioned these detriments on this blog before. Now let’s take a look at a real-world example of what could happen in the long-term aftermath of a cyberattack involving ransomware.
What Happened in 2020
On November 24th, the school experienced the start of a breach that would wreak havoc in their lives for years to come. At the time, the school was deep in virtual learning full-time. Learning stalled for days as their security response worked to bring order back to the systems and search the devices of students and teachers.
Already, workers were entrenched in trying to navigate online learning in the midst of a global pandemic unlike anything we’d experienced before in our lifetimes. Now even that facsimile of a normal learning environment had to contend with their laptops being confiscated and examined, or even replaced in many cases.
What do these cybercriminals want? That’s what the school district would like to know. As of yet, the perpetrators have neither revealed themselves nor reached out with demands. So far it seems to have been damage done for the sake of damage and profit.
Effects Felt in 2022
In the meantime, the Baltimore County school district found out about another consequence of the attack: The financial records of the schools had been violated too, which was time-consuming and expensive to recover from. Meanwhile the teachers were unable to change their medical insurance payments, even if they swapped to a new policy, for over a year. As a result, many are still owed thousands of dollars from the district for benefits paid for but never gotten. In some cases, they’re even paying insurance for spouses that have since died, or despite having moved out of state. 9,000 retired teachers are still affected by the ongoing problem.
A year after the breach, the recovery costs associated with this ransomware attack exceeded $9.5M. That number has only grown since and the effects continue to haunt the teachers to this day. Especially given that many retirees operate on fixed incomes, the excessive payments spell trouble when it comes time to pay the bills. It’s a long and slow process to fully sort out this problem and all the affected workers.
Conclusion
When talking about the damaging effects of cyber breaches, especially those that involve ransomware, you may think mainly about the short-term cost to pay off the ransom, the disruption of the workday as you try and get systems back online, the damage to brand recognition, and loss of consumer trust. However the case of Baltimore County school district shows just how problematic this type of attack can be, even years into the future. Whether you’re a small business, working professional or student, this type of malware is expensive and extremely detrimental.
Ransomware attacks are on the rise all over the world, increasing the chance you could be at risk if your software and systems don’t get the latest updates and -grades. As cybercriminals get savvier, security experts are working even harder to bring you stronger and more efficient defenses. Just knowing what to look out for online and staying aware of the latest trends and threats on the horizon will help you make safer decisions while you’re browsing the web. Then, equip your systems with strong security postures to handle the rest.
References