K12, Online Curriculum Provider, Pays Ransom to HackersRansomware Attackers Exfiltrated Data
K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.
The attackers accessed parts of K12's back office system and exfiltrated certain student and employee information, although the company is still investigating exactly what data was accessed, according to a statement.
"We carry insurance, including cyber insurance, which we believe to be commensurate with our size and the nature of our operations. We have already worked with our cyber insurance provider to make a payment to the ransomware attacker as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed," the company says.
K12 acknowledges that there is a risk the attacker will not adhere to the negotiated terms. But based on information gathered on the threat actor through a third-party adviser, the company believes the payment will help prevent any misuse of the stolen data.
The company did not identify the cyber gang involved, the ransomware variant used, when the attack occurred or the ransom amount that was paid.
A K12 spokesperson could not be immediately reached for additional comment.
The FBI says ransomware victims should avoid paying the hackers because there is no guarantee they will fulfill their promises, such as providing an decryption key or refraining from publishing stolen data.
Paying a ransom “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” FBI guidance states.
Impact on K12
K12, which is rebranding itself as Stride Inc. as of Dec. 16, says the attack did not affect its "learning management system" that is uses to deliver educational content to students and host student accounts.
"No data on the [learning management system] was compromised nor has the delivery of services over the LMS been interrupted in any way. Our client schools - charter and district online schools - are still open, operating and secure, as they have been since the start of the pandemic," the company says.
K12 also says its primary corporate systems, including payroll, accounting, enrollment, financial reporting, procurement and shipping, were not accessed by the hackers and have remained operational through this incident.
"This investigation is active and ongoing, and our systems are operating with minimal impact,” the company says. “Based on the information currently known and our investigation to date, we do not believe the incident will have a material impact on our business, operations or financial results.”
K12 says it has assembled a data compliance advisory team comprising former state and federal legal professionals, including Catherine Hanaway, former U.S. attorney for the Eastern District of Missouri; William Lockyer, former California state attorney general; and John Byron Van Hollen, former Wisconsin state attorney general and former U.S. attorney for the Western District of Wisconsin.
Schools in the Crosshairs
The educational sector has been hit hard by ransomware this year. For example, the Baltimore County Public Schools system halted online learning for all of its 115,000 students for three days following a Nov. 24 ransomware attack (see: Audit Found Baltimore County Schools Lacked Data Security).
Baltimore County schools re-opened Wednesday while the district continued to recover. The attack affected the district's website, email, grading system and its online educational tools, forcing it to shift platforms so it could resume virtual classes, Superintendent Darryl Williams said at a Tuesday press conference.