According to news reports from Politico and ZDNet, the FBI has recently issued a warning about ransomware attacks targeting school districts across the U.S. Per Catalin Cimpanu of ZDNet:

“The alert, called a Private Industry Notification, or PIN, tells schools that ‘cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic target as more of these institutions transition to distance learning.’

Schools are likely to open up their infrastructure for remote staff connections, which in many cases would mean creating Remote Desktop Protocol (RDP) accounts on internal school systems.

Over the past two-three years, many ransomware gangs have utilized brute-force attacks or vulnerabilities in RDP to breach corporate networks and deploy file-encrypting ransomware.

However, while companies usually have resources for a professional security team to protect their remote access infrastructure and endpoints, the same is not true for K12 schools, the FBI said.”

Several variants of malware specifically seek out and exploit RDP connections exposed to the internet. Unfortunately, in a time of (unplanned) remote learning, the odds are greater than usual that schools are relying on tools such as RDP that may not be adequately secured.