Why Did the Baltimore County Schools Cyber Attack Happen?
Just ahead of Thanksgiving 2020, the Baltimore County Public Schools system was hit by a devastating ransomware attack. The attack came in the midst of the ongoing lockdown measures against the spread of COVID-19 and affected 115 thousand students who had been switched to online classes.
How exactly did the incident happen, and why? The tell-tale signs of such a situation, it seems, had been there for quite some time.
The school system in Baltimore received a targeted warning about its network back in 2019, shortly after the city of Baltimore was hit by a RobinHood ransomware variant. The warning seems to have gone unheeded, as the Maryland Office of Legislative Audits issued another report outlining the school network issues. That latter report came on the exact day that the attack took down the school network.
It might seem that the report served as a prompt for the bad actors given the timing, but the auditors formally notified the schools before releasing the document, giving them time to address issues.
Some of the security loopholes outlined in the most recent report can be seen almost word for word in a report dating back to 2015. Disturbingly, it seems none of them were addressed.
There seems to be very little the Baltimore school network was not actually vulnerable to. From RDP vulnerabilities to simple password guessing and user passwords put up for sale on the dark web, there was a myriad of avenues for bad actors.
The biggest issues with the school networks were how the servers were organized and set up, the lack of critical updates and the general inability of the people responsible to act in a timely manner, despite multiple warnings.
The authorities investigating the attack on the school network have revealed virtually nothing and only stated that an investigation is in progress. Security experts have noted that if the schools have not invested in a decent data backup plan, they may be forced to pay the ransom.