Ransomware Attack on Buffalo School Systems

Stefan Maraj
Staff Writer   United States Cybersecurity Magazine

High school students in Buffalo, New York, have had a rough year. Like many other students throughout the U.S., the pandemic forced them to tackle virtual learning. Then,on Monday, March 15, 2021, Buffalo schools were set to open; however, the return to school was cancelled. The reason? A ransomware attack on the Buffalo School System. 

Buffalo schools are not the only school system  to have been hit recently by cyber-attacks. This year we’ve seen a similar scenario with  Baltimore County Public Schools and Montgomery County Public Schools, which are located in the state of Maryland. However, this latest ransomware attack on the Buffalo School System is a further indication of a trend going in the wrong direction. 

Let’s take a closer look.


Buffalo Schools Superintendent, Kriner Cash has been, and quite rightly so, reticent to share specific details of how the ransomware attack on the Buffalo School System took place, or exactly the damage that was caused. Although compliance frameworks mean that the schools will eventually have to release this information, for now the focus is on assessing the extent to which personal and sensitive data has been stolen.

What we do know from a letter that Cash sent to parents is that the attack made use of ransomware. This type of malware is generally used to encrypt files on a victim’s system. Then the hacker demands money for them to be made available again.

We also know that the ransomware attack on the Buffalo School System caused a significant level of inconvenience. Around 5,000 students were to return to the physical classroom, with many first-year high school students among them, who would have been attending their very first in-person day of high school.


In and of itself, the recent attack is not unusual. Schools and local governments get hit by ransomware frequently.

If schools follow the government-recommended NIST framework, it is unlikely that large amounts of personal data will be stolen or released. Schools using this framework typically use secure browsers and encrypted backups that prevent hackers from accessing sensitive information. This backup copy is stored separately so that schools do not have to pay ransoms.

With  the increased level of attacks, this could indicate that schools are not following this guidance. Hacking is a dynamic “market.” An increase in attacks is a good sign  that there is money to be made from a particular cyber-attack. This suggests that ransomware attacks, like the one in Buffalo, work in the favor of cybercriminals. Instead of restoring their system from an encrypted backup, schools may be paying these cybercriminals  to release their data. 


It might be time, then, to remind school administrators of how to prevent and respond to this type of attack. First, you should ensure that you are following the NIST framework, which will greatly limit your exposure and risk. If you do get hit by an attack, follow the FBI’s advice. Do not pay the ransom.

Additionally, get your students on board with cybersecurity best practices. The NSA’s High School Cyber Initiative aims to give students a grounding in cybersecurity. It could turn your student body into a powerful anti-hacking system!

The United States Cybersecurity Magazine will continue to release updates on the ransomware attack on the Buffalo School System as they become available.


Leave a Comment