UDTSecure Threat Advisory for K-12 Schools


UDTSecure™ Cybersecurity Consultants are tracking an active and credible advisory issued by the FBI and Department of Education (DOE) warning of K-12 schools being the target of cybersecurity ransomware attacks. These attacks focus on extorting money from educational institutions by releasing sensitive student information if a ransom is not paid. However, we believe getting access to the data itself is of equal importance. 

We have long been warning school districts regarding the urgency of protecting student and employee confidential information which is extremely valuable to cybercriminals. Data such as social security and drivers license numbers are extremely valuable in that they can be sold on the black market or used to apply for new credit purchases. 

Several methods of attacks have been identified so far across three states that include email phishing campaigns, exploitation of vulnerabilities found in network devices or website weaknesses which allowed for unauthorized access. 

 The following quick tips provide some initial guidance in securing your environment and reducing your chances of being a victim. 

 Quick Tips to Perform Now:

  • Consider installing OpenDNS on Active Directory Servers to prevent outgoing command and control network traffic.
  • Ensure you have backups of all student and employee information. 
  • Scan backup data for malware with Anti-Virus applications. 
  • Test you can restore backup data from scratch if the need arises. Do not restore backups into production environment. First, restore systems in the test environment and run the anti-virus checks on the test environment.
  • Ensure proper audit logs are enabled for systems and network components. Double check the storage capacity on systems recording the logs. Both event and activity logs should be enabled. Important to check Active Directory server logs are enabled. 
  • Alert employees, staff and students to avoid clicking suspicious email links especially ones with threatening messages. 
  • Perform Network vulnerability scans to identify critical vulnerabilities known to be exploited and misconfigured systems.  

If you feel you’ve been the subject of an attack or view suspicious activities in emails or networks, call us immediately at 1-800-882-9919 and request to speak to one of our fully certified cybersecurity consultants. 

Focus time, money, and effort on what really matters

Let’s build success together. 

More to explore

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,