An annual report from the K12 Security Information Exchange says ransomware has surpassed data breach attacks as the largest category of cyber attacks on schools, often coming from sophisticated criminals overseas. Publicly reported ransomware attacks against K-12 schools and districts increased last year, even as documented cyber attacks in the K-12 system overall fell by more than half, Governing reports. In fact, ransomware attacks—in which hackers take a school district’s data and refuse to give it back until they have received payments that can run to hundreds of thousands of dollars—now make up the largest category of attacks for the first time since 2016, the year K12 Six began tracking. Ransomware attacks increased from 50 in 2020 to 62 in 2021, while the number of cyber attacks in general declined for the first time in three years, from 408 in 2020 to 166 in 2021.

In previous years, data breach attacks—in which someone who is not authorized to see or change certain types of data breaks into a district or school’s computer system and copies, steals, transmits, changes, or just views the information—were most common. Ransomware attacks are increasingly coming from cyber criminals who often work overseas in countries that are tough for U.S. law enforcement to reach, said Doug Levin of K12 Six, an expert on cybersecurity for K-12 schools. Ransomware attacks can be costly, in both learning time and money. Districts often close down buildings to restore their systems. Even if districts—or their insurance companies—don’t pay a ransom, costs of fixing computer systems can be staggering.