The online education giant "K12 Inc." paid ransom after being attacked in systems by Ryuk ransomware. K12 creates custom online programs studies for education students from home. More than 1 million students have used it platform of K12, instead of going to traditional school environments.
K12 announced this week that it had suffered a ransomware attack in mid-November that forced it to shut down some of its IT systems to prevent it from spreading. attack. The company said it responded quickly to the attack, taking immediate action to contain the threat, and also alerted federal law enforcement and is working with a leading team of third-party forensics to investigate the incident. security.
According to BleepingComputer, most large systems, including payroll, accounting and registration systems, were not affected by the Ryuk ransomware attack. However, the invaders gained access in some back-office systems that contained student data and other sensitive and confidential information.
The Ryuk ransomware gang is known to steal unencrypted data before encrypting Appliances. This data is then used in double blackmail attempts, where the ransomware gang threatens the victims that they will leak the stolen data if the latter do not pay the required ransom.
It is not known how much ransom the company paid to them hackers. In addition, the threatening agents assured the company that they would not disclose the stolen data if it paid the ransom.
K12 said in a statement that although there is always a risk that the threatening entity will not comply with the terms of the transaction, based on the specific characteristics of the case and the guidance we have received regarding the attack and the threat, it believes that payment it was a sensible step to take to prevent the misuse of any information received by the intruders.
Ransomware traders are increasingly warning that hackers do not always keep their promises about stolen data. Thus, the ransomware company negotiates Coveware tells the victims that it makes no sense to pay a ransom, as there is no way to know for sure if the stolen data will be deleted or if it will be used maliciously in the future.