Fairfax County Public Schools hit by Maze ransomware

Fairfax County Public Schools (FCPS), one of the largest school divisions in the US, was hit by Maze ransomware operators.

Fairfax County Public Schools (FCPS) was victim of an attack carried out by the Maze ransomware operators.

FCPS is one of the largest school districts in the US with an approved budget of $3.2 billion for 2021.

The Fairfax County Public Schools has more than 188,000 students in grades prekindergarten through 12 and approximately 25,000 full-time employees working in 198 schools and centers within the U.S. commonwealth of Virginia.

“FCPS recently learned that ransomware was placed on some of our technology systems. We are taking this matter very seriously and are working diligently to address the issue.” reads a statement published by FCPS. “We currently believe we may have been victimized by cyber criminals who have been connected to dozens of ransomware attacks in other school systems and corporations worldwide. We are coordinating with the FBI on the matter.”

The institution has notified the authorities and is investigating the incident with leading security experts to determine the extent of the attack.

At the moment the exact date when the ransomware impacted FCPS’s network is not yet known but the school district says that it collaborating with the FBI to determine what ransomware gang is behind the attack.

“FCPS is committed to protecting the information of our students, our staff, and their families,” concludes the statement. “We will work with law enforcement to the fullest extent to prosecute any individuals or groups that attack our systems.”

The statement did not disclose the threat actors behind the attack, it only pointed out that the same ransomware gangs has been connected to dozens of similar attacks against school districts and businesses worldwide.

The Maze ransomware operators claimed responsibility for the attack and leaked an archive of roughly 100MB (2% of the total amount of stolen data).

The leaked archive contains students’ info, administrative documents, and an LSASS dump that could allow retrieving Windows credentials.

An update sent Saturday afternoon to the school community said the school system is “working diligently to protect the information of our staff, students and their families.”

The institution added that the ransomware intrusion did not disrupt the school system’s distance learning program.

Lucy Caldwell, a spokesperson for Fairfax County Public Schools, told WTOP that she expected remote learning will be not impacted by the infection.

In August, experts at threat intelligence firm Cyble came across a post published by Maze ransomware operators claiming to have breached the steel sheet giant Hoa Sen Group.

A few days before, Maze ransomware operators also published internal data from LG, Xerox, and Canon after the companies did not pay the ransom.

The list of victims of the Maze ransomware gang includes Conduent, IT services giant Cognizant, system-on-chip (SOC) maker MaxLinear, and Banco BCR, 

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Maze ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]