The Fairfax County Public Schools system confirmed Monday that its data has fallen victim to a ransomware attack amid reports that it also was experiencing technical difficulties with online-only instruction.
The internet hacking group Maze posted some of the private data stolen from the school system, such as student disciplinary records and grades, to prove its hack, but it is unknown how much information was stolen, according to WRC-TV.
“We recently learned that ransomware was placed on some of our systems. We are taking this matter very seriously and are working diligently to address the issue,” said FCPS spokeswoman Lucy Caldwell on Monday.
“We have retained leading security experts to help us investigate the matter and recover from the situation. We also are coordinating our efforts with law enforcement authorities. The protection of our students’ information is a top priority for Fairfax County Public Schools,” Ms. Caldwell said.
The school system said the ransomware issue did not disrupt the distance learning program during the first week of school. FCPS said it is working with the FBI to determine the scope of possible data compromise.
The FBI said it cannot confirm an investigation or provide more details. The bureau encourages any individual or business affected by ransomware to contact their local FBI field office.
Tina Williams, president of the Fairfax County Federation of Teachers, said she was shocked to learn the school system has been hacked, which she described as “deeply alarming for our community” in a statement. She urged FCPS to quickly resolve the issue and to do whatever it can to keep employee and student data safe.
FCPS notified staff and families of the ransomware attack on Friday and Saturday.
The school system is not asking staff or students to make changes to their devices at this time, but says it will take steps to notify individuals who have been affected by the attack and whose devices require technical attention.
WRC-TV reported that Maze posted an internal training document that was several years old and letters containing information about disciplinary actions and grades of 15 different students, among other documents.
Ransomware is a type of malware that prevents users from accessing computer files, systems or networks until a ransom is paid. It typically works by encrypting data on a system with a password only the attackers know, making it unreadable to those who don’t have the password, according to Brad Hayes, chief technology officer for Circadence, a cybersecurity company.
“The attackers will often display a ransom note with payment instructions, though there is no guarantee that they will actually provide you with the password to decrypt your data if you do pay,” Mr. Hayes said. “In most cases, the hackers are not interested in your data at all. The main reason for this tends to be that your data is far more valuable to you than to some third party buyer, not to mention that it is much easier and less risky than setting up a sale. Hackers typically will ask for anywhere from tens of thousands of dollars to millions depending on the size of the organization and the cost of the disruption they created.”
A person can unknowingly download ransomware onto a computer by opening an email attachment, visiting a website embedded with malware, clicking an ad or following a link.
To avoid ransomware, the FBI recommends keeping operating systems and software up to date, ensuring anti-virus programs are set to automatically update and run regular scans, backing up data regularly and securing those backups, and creating a plan in case of a ransomware attack.
Mr. Hayes said school systems can establish a “culture of cyberliteracy” among employees. He said the best way to prevent cyberattacks is to make yourself a difficult target by having sufficiently lengthy and complex passwords, not writing passwords down or storing them in places others can access, understanding how email phishing attacks work and not downloading programs or plugging in USB drives unless they come from trusted sources.
He added that it is unlikely that virtual learning platforms themselves are hacked, but rather that an attacker would obtain credentials of an instructor or student to “log in and cause trouble.” The best defense against this, he said, is to practice good password habits such as creating passwords that are difficult to guess, not sharing them or writing them down anywhere, and changing them occasionally.
On Friday, FCPS reported technical issues as students wrapped up their first week of online learning. Some students appeared to experience connection problems from their homes mostly between 9 and 10 a.m. Although the school system pinned the blame on Verizon, the internet provider said it did not experience service outages, according to The Associated Press.
“There will undoubtedly be bumps in the road throughout the distance learning period, but it’s important that students, staff, and families continue to work together as we work through challenges as a team,” FCPS tweeted last week.
• This article is based in part on wire service reports.