A cybersecurity expert not involved in the Fairfax County Public Schools’ investigation said the Virginia school system is without good options following last week’s computer network attack.
Fairfax County Public Schools announced the hack Friday and said it’s working with the FBI to investigate the extent of any possible data compromise.
But based on the publication last week of a 100MB file posted by the ransomware group MAZE, which it claimed to have extricated from the Fairfax County Public Schools, cybersecurity expert Brett Callow said he believes the school system has had a data breach and is now facing just two choices.
“They can refuse to pay, in which case the stolen data will be published online; or they can pay the demand, which will simply get them a pinkie-promise from the criminals that the data will be deleted,” said Callow, a threat analyst with Emsisoft, a cybersecurity company with expertise in ransomware.
A spokeswoman for Fairfax County schools said Monday that with the investigation underway, the school system was unable to provide additional details.
While the school system, one of the largest in Virginia, announced the hack Friday, the Fairfax County Federation of Teachers said some teachers were receiving ransomware messages four days earlier.
Callow said ransomware attacks often begin weeks before they are discovered.
“Typically ransomware groups have had access to a network for an average of 56 days before they actually encrypt the data. They use that time to spread throughout the network as far as they can and in lots of cases to also steal data,” Callow said.
School systems have become growing targets for ransomware attacks. Callow said 54 school districts, colleges or universities have been hit by ransomware this year, and Fairfax is the third struck this month, in addition to Toledo, Ohio, Public Schools and the Clark County School District in Nevada.
Also this month, Callow said five local governments have been hit so far in ransomware attacks.
There are several well-known ransomware criminal enterprises. The MAZE group, which claimed to strike Fairfax, also targeted Lakeland Community College in Michigan earlier this year, and its other targets have included the City of Pensacola, Florida, the government of Prince Edward Island, Allied Universal, LG, Xerox and Chubb, according to Callow.
The ransom can be expensive, with thieves often demanding millions of dollars.
“The average is probably somewhere between $150,000 and $250,000,” Callow said.