K12 education giant paid the ransom to the Ryuk gang

Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a ransom to avoid data leak.

The education company Online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November.

K12 Inc. is a for-profit education company that sells online schooling and curricula. K12 is an education management organization (EMO) that provides online education designed as an alternative to traditional “brick and mortar” education for public school students from kindergarten to 12th grade, Publicly traded K12 is the largest EMO in terms of enrollment.

K12 publicly disclosed the ransomware attack this week, the incident took place in mid-November and forced the company to shut down its systems to prevent the malware from spreading.

According to the company, the ransomware operator accessed “certain parts” of their corporate back-office systems, the incident might have exposed “some student and employee information” on the affected systems.

The attack did not affect the Learning Management System (“LMS”) that is used to provide educational content to students and to host student accounts.

“K12 Inc. (NYSE: LRN) (“Stride” or “we”) – to be Stride, Inc. effective December 16, 2020 – has detected unauthorized activity on its network, which has since been confirmed as a criminal attack in the form of ransomware.” reads the press release.

“Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident.”

The company quickly initiated incident response procedures and lock down impacted systems, it also notified federal law enforcement authorities K12 retained an industry-leading third-party forensics team to investigate the incident.

This attack did not impact their online Learning Management System (LMS) to deliver educational content or affiliated charter schools. They also state that most major systems, including payroll, accounting, and enrollment systems, were unaffected.

Bleeping Computer has learned aware that K12 was hit by Ryuk ransomware and K12 paid the ransom utilizing their cyber insurance. At the time of this writing, it is not known the ransom amount.

“We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed..” the company told Bleeping Computer.

K12 paid the ransom to prevent misuse of any information the ransomware operators have stolen.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ryuk)

[adrotate banner=”5″]

[adrotate banner=”13″]