Maze ransomware attackers leak data stolen from suburban Washington schools
Hackers using the Maze ransomware last Friday published information stolen in a recent hack of the public school system in Fairfax County, Virginia, including personal information of some students and employees, the district’s superintendent said.
In an email to staff and students’ families, Scott Brabrand wrote that the attackers “posted the information that they stole on the dark web.” Stealing files from victims and threatening to publish them on the open internet or dark web for others to access is an increasingly common tactic of ransomware actors, and was popularized last year as Maze emerged.
Like many school districts, Fairfax County started the academic year entirely online, but Brabrand said the attack did not affect the district’s virtual learning set-up or its ability to meet payroll.
The district is now identifying the information that was published and notifying the affected individuals, he wrote, and it’s also working with the Virginia State Police and FBI, which are conducting criminal investigations of the attack.
Fairfax County Public Schools first acknowledged the attack on Sept. 11. It followed similar attacks against K-12 organizations in Toledo, Ohio, and Clark County, Nevada, adding those school districts to an ever-growing list of public-sector ransomware victims.
Public school systems are often seen as easy targets for ransomware actors because of their limited IT resources. Yet the attack on Fairfax, a district with nearly 190,000 students and the 10th-biggest in the country, shows that even large systems are vulnerable.
Many analysts in the cybersecurity industry treat ransomware attacks against educational institutions with special contempt. Katie Nickels, the director of intelligence at the information security firm Red Canary, told StateScoop last month, after the Fairfax County incident was first reported, that she was “outraged” that malicious actors are targeting schools while students and teachers are still trying to adjust to a mostly remote learning environment.
The Maze actors later removed Fairfax County Public Schools from their extortion blog, according to Brett Callow, an analyst with the anti-virus firm Emsisoft.
But the wave of attacks against schools rolls on: last week, K-12 classes in Springfield, Massachusetts, were shut down briefly after IT administrators there detected ransomware.