Buffalo Public Schools cancels classes after cyberattack

DHS has been warning of a heightened ransomware threat against K-12 schools.
(Getty Images)

Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, screeching the school system’s plans for remote classes and in-person learning to a halt on Friday.

The school system, which has been slowly returning to in-person learning plans, canceled all classes Monday while it works to respond to the incident, according to an announcement.

The FBI is investigating the attack, but so far the probe has not found that any sensitive information about students and teachers was exposed during the attack, the superintendent of Buffalo Public Schools, Kriner Cash, said in a statement.

The attackers, who encrypted the school’s computers, have not made any ransom demands yet, The Buffalo News reported. But the FBI has determined that the hackers’ demand is likely between $100,000 and $300,000, according to the The Buffalo News.


GreyCastle, a cybersecurity firm, is reportedly assisting the investigation.

GreyCastle did not immediately return request for comment.

The Department of Homeland Security warned of a heightened ransomware threat against K-12 schools in just December, saying educational institutions represent a ripe target for hackers seeking to extort victims for financial gain. Over half of all ransomware attacks against state and local government entities reported in the last several months of 2020 impacted K-12 school systems, according to the alert.

As school systems have increasingly leaned on remote learning environments during the pandemic, ransomware attacks have had an outsized influence over whether students can attend school, exacerbating the already fraught status of schools and their re-opening timelines during the global health crisis.

Over the past year, ransomware threat actors have also posed a heightened security threat to victims across industries as they have introduced attacks with increasingly destructive and damaging features, according to researchers at security firm CrowdStrike. The education sector in particular has been targeted by a Russian-speaking attack group, known as Wizard Spider, since 2019, according to CrowdStrike research.


The school system in this case did not specify whether the investigation has identified suspected hackers.

Buffalo Public Schools said Sunday that it was prioritizing restoring critical systems related to teaching and learning moving forward, but did not provide a timeline for when remote and in-person learning would begin again.

“The district is making headway in restoring critical systems that support the primary function of teaching and learning,” the school system said in its announcement. “We have also prioritized the recovery of any affected business operation systems. The district will implement a longer term comprehensive initiative to enhance IT security and infrastructure going forward.”

Shannon Vavra

Written by Shannon Vavra

Shannon Vavra covers the NSA, Cyber Command, espionage, and cyber-operations for CyberScoop. She previously worked at Axios as a news reporter, covering breaking political news, foreign policy, and cybersecurity. She has appeared on live national television and radio to discuss her reporting, including on MSNBC, Fox News, Fox Business, CBS, Al Jazeera, NPR, WTOP, as well as on podcasts including Motherboard’s CYBER and The CyberWire’s Caveat. Shannon hails from Chicago and received her bachelor’s degree from Tufts University.

Latest Podcasts