article featured image


In March 2021, the Federal Bureau of Investigation’s Cyber Division has alerted of a rise in Pysa ransomware incidents targeting government institutions, the educational and healthcare sectors, as well as private organizations, all over the US and the UK.

A few months later, Pysa ransomware, a version of the Mespinoza ransomware family impacted no less than eight K-12 school districts in the U.S.A.

Why Is the Education Sector so Attractive to Ransomware Attackers?

As reported by security experts, the number of ransomware attacks against the educational sector keeps getting higher and higher every year and with the Covid-12 pandemic, the situation has gotten even worse.

The educational sector is extremely tempting for ransomware threat actors as unfortunately it still lacks a strong cybersecurity posture that sometimes may be unaffordable for some of these institutions. Also, the fact that it holds significant amounts of sensitive student and staff members’ information makes the education sector very appealing to ransomware attacks.

The students’ behavior who frequently engage in high-risk actions leading to exposure to ransomware attacks is also an important factor.

Another reason is the highly accessible and interconnected nature of campuses that provides many points of potential malware infiltration. All the hackers have to do is discover a weak link, and ransomware can spread in no time from students to all the institution servers and staff devices.

What Schools Fell Victims to Pysa Ransomware Gang?

Eight k-12 (from kindergarten to 12th grade) American public school districts that can be seen on the Pysa ransomware cybercriminals leak website have become victims to the popular gang.

According to reports, some of the educational facilities were hit before the FBI warning while others were impacted following the alert.

Here is a list of the public school institutions hit by Pysa ransomware and added to the leak website:

  1. Winters Independent School District (Texas) – added on October 25th, 2020
  2. Palos Community Consolidated School District 118 (Illinois) – added on December 1 st, 2020
  3. Brookfield Public Schools (Connecticut) – added on December 1 st, 2020
  4. Gering Public Schools (Nebraska) – added on February 24th, 2021
  5. Affton School District (Missouri) – added on February 25th, 2021
  6. Zionsville Community Schools (Indiana) – added on May 2nd, 2021
  7. Logansport Community School Corporation (Indiana) – added on May 8th, 2021
  8. Sheldon ISD (Texas) – the attack took place in March of 2020 but they are not on the leak website because the ransom has been paid

While nobody knows how many of these schools actually paid the ransom or how much they were required to pay everybody knows that the ransom demands can be colossal. Schools have been encouraged by cybersecurity researchers to make the attacks public and reveal the costs in order to let people and law enforcement know the real situation.

The Heathcare Sector Also Targeted by the Pysa Ransomware Threat Actor

The educational sector is not the only one targeted by the Pysa ransomware group, the medical field is also zeroed in. Since 2020, the gang has targeted more than 10 healthcare organizations that also didn’t hurry to disclose the ransomware attacks with only three of them reporting to the U.S. Department of Health & Human Services.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *