Date of Award


Document Type


Degree Name

Master of Science in Information Systems and Technology


Information and Decision Sciences

First Reader/Committee Chair

Conrad Shayo


Ransomware attacks have become part of the normal vernacular, as more organizations get attacked and must deal with the outcome in the media. School districts are in a unique position because of COVID and the sudden shift to online or hybrid learning. Over the past few years, ransomware attacks on K12 school districts have been widely reported in the news, leading to questions on whether K12 school districts are more vulnerable to these attacks. This project focused on: the prevalence of ransomware attacks in K12 School Districts in the USA in general and in the Inland Empire in particular, examining what value attackers gain by attacking a school district as well as looking at the costs incurred to the district because of an attack, whether K12 School districts in the Inland Empire are following cybersecurity best practices to protect in case of a ransomware attack. The findings are: that school districts are at a higher risk of ransomware attacks because they are soft targets with understaffed under budgeted IT departments, school districts do not pay ransoms and are left with the higher cost or remediation, there is a lack of security focus in the job descriptions for IT managers working in K12 in the Inland Empire, temporary school shutdowns due to ransomware are shown to negatively affect the GDP in the long term. The recommendations are: school districts should use COVID relief funds to hire/contract a CISO and figure out a way to keep the position funded into the future, [1] [2] school districts in the Inland Empire should hire more IT staff and focus on security awareness training for its users including students, schools should move away from passwords and replace it with 2FA using badge and pins. For future study the issues of long term funding for CISO positions and the creation of security awareness for K12 students needs to be addressed.