FBI warns K12 schools of ransomware attacks via RDP


The US Federal Bureau of Investigation sent out on Tuesday a security alert to K12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, and especially about ransomware gangs that abuse RDP connections to break into school systems.

The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning."

Schools are likely to open up their infrastructure for remote staff connections, which in many cases would mean creating Remote Desktop Protocol (RDP) accounts on internal school systems.


K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year.

The alert comes from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) based on reports from K-12 institutions incurring cyberattacks.

In a joint advisory today, the three government agencies are warning that ransomware, malware delivery, and DDoS attacks are the main threats for K-12 educational institutions.

Ransomware attacks in the education sector have increased at the beginning of the school year, with cybercriminals stealing data and threatening to leak it unless the ransom was paid (just like in the case of targets in the business and industry sector).

“In August and September, 57% of ransomware incidents reported to the MS-ISAC involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July” - FBI, CISA, MS-ISAC joint advisory