With more than 188,000 students and 25,000 employees, Fairfax County Public Schools in Virginia is one of the largest school districts in the US. A statement from Fairfax County Public Schools reads, “FCPS recently learned that ransomware was placed on some of our technology systems. We are taking this matter very seriously and are working diligently to address the issue. We currently believe we may have been victimized by cyber criminals who have been connected to dozens of ransomware attacks in other school systems and corporations worldwide. We are coordinating with the FBI on the matter.” The school district is unsure about when the attack started or who was responsible at first. Recently, Maze ransomware operators took credit for it. The threat group released a 100MB sample portion of the data and it included students’ info, administrative documents, and an LSASS dump that could allow retrieving Windows credentials. Thankfully, officials believe the distance learning program was not affected and they believe that online learning will be able to continue as normal.
Analyst Notes
It has not been revealed what the ransom may be, however, it is likely that if FCPS does not pay the ransom, data will be leaked. FCPS and parents of students should be aware that if the data is leaked, they may be at an increased risk for phishing attempts and other attacks that involve their personal data. More information can be found here: https://securityaffairs.co/wordpress/108219/cyber-crime/fairfax-county-public-schools-maze-ransomware.html?web_view=true
