Fairfax County Public Schools (FCPS), the 10th largest school district in the USA, has suffered a ransomware attack. The district is also the largest in the Baltimore-Washington metropolitan area. It has more than 188,000 students and about 25,000 full-time employees working in 198 schools and centers in Virginia.
The FBI was involved in the investigation into the ransomware attack
"We recently learned that ransomware has been installed on some of our technology systems. We take this issue very seriously and we are working to address this issue," says the statement from Fairfax County Public Schools.
The FCPS also sought the help of external security experts to conduct the investigation and to restore the systems that were affected by the attack.
"FCPS is committed to protecting the information of our students, our staff and their families," added the school district. "We will work with law enforcement to the maximum extent to prosecute individuals or groups who attack our systems."
BleepingComputer tried to contact the FCPS for more details but received no response.
The Maze gang is said to be behind the attack
However, the attack was probably carried out by the Maze ransomware operators, as 2% (approximately 100MB) of the data allegedly stolen from Fairfax County Public Schools servers has already been leaked.
The data leaked by the Maze ransomware gang contains information about some of the students, as well as administrative documents. The leak also includes what appears to be an LSASS dump, which can be used to extract Windows credentials.
The Maze gang is the one that started stealing victims' data before encrypting their systems, a tactic that was gradually adopted by more and more groups. After stealing the data, the hackers threaten to leak it on the internet if the victims do not pay the ransom.
Maze ransomware attacks were first detected in May 2019. Since then, hackers have greatly evolved their attacks through exploit kits, spam and network breaches.
In November 2019 came the first leak of stolen data, which belonged to Allied Universal. The company had fallen victim to Maze ransomware but did not pay the ransom, so the hackers exposed the data. They then published other victims' data on hacking forums, until they set up their own leak site.
Maze ransomware has carried out many attacks on well-known and large companies, such as Chubb, Canon, Xerox, LG Electronics, Conduent, Cognizant, MaxLinear and others.