main banner

Saturday, September 12, 2020

Fairfax County Schools hit with ransomware attack

FCPS headquarters in Merrifield. [Associated Press]
Just days into the start of the virtual school year, a cybercriminal group call MAZE has successfully targeted Fairfax County Public Schools with ransomware, Infosecurity magazine reports.
FCPS issued a statement Sept. 11 acknowledging that ransomware was placed on some of its technology systems. “We are taking this matter very seriously and are working diligently to address the issue,” FCPS states. 
“We currently believe we may have been victimized by cybercriminals who have been connected to dozens of ransomware attacks in other school systems and corporations worldwide. We are coordinating with the FBI on the matter,” FCPS states.
“We are working diligently to determine the impact of this incident on FCPS data,” the statement continues. “We have retained leading security experts to help us determine the nature and scope of the incident and recover from the situation.”
“FCPS is committed to protecting the information of our students, our staff, and their families. We will work with law enforcement to the fullest extent to prosecute any individuals or groups that attack our systems,” FCPS states.
School administrators, teachers, students, and parents had been hoping for a smooth rollout of virtual learning this fall, following the disastrous experience with online instruction in the spring.
It is not known whether the cyberattack is related to the problems schools were reporting this week with Blackboard Collaborate. 
According to Infosecurity, MAZE uploaded a zip file of data they claim was exfiltrated from the school system.
FCPS is the 206th public sector entity and the 53rd school district in the U.S. impacted by ransomware so far in 2020, Brett Callow of Emsisoft told Infosecurity.
Dealing with these crypto-ransomware attacks is costly, the article states. Victims need to pay for forensics specialists to determine how the attack happened, fund the implementation of new cybersecurity measures, and, in some cases, pay the ransom demanded by the attackers. 
The piece quotes Callow as saying 966 governments, healthcare providers, and educational establishments spent $7.5 billion in 2019 to recover from ransomware attacks. The number of such attacks is expected to increase. 


  1. I wonder how much FCPS had to pay MAZE

  2. Maybe MAZE just told FCPS to pay bus drivers and their assistants to drive around in empty buses?

    1. Please volunteer to fill-in for free.