“We deeply regret that this has occurred and are committed to supporting you,” Superintendent Scott Brabrand wrote in the Friday letter to the community. “We are working around the clock to identify the information that was taken and will notify impacted individuals as appropriate.”
In his message, Brabrand said the criminal cyber organization known as the Maze group had claimed responsibility for the attack and posted the stolen information on the dark Web, parts of the Internet that require special software for access. He said that the district was working with Virginia State Police and the FBI to “bring the attackers to justice.”
Documents published by the hackers and provided to The Washington Post appear to show student disciplinary letters that the school district sent to families, as well as insurance data for some district employees.
School district spokeswoman Lucy Caldwell declined to confirm Saturday whether that information was part of the stolen cache.
“At this time, we believe only a subset of individuals, including a limited number of students, were impacted by the incident,” Caldwell said in an email. “We’re committed to working to protect our community’s data moving forward.”
Caldwell said the district will offer free credit-monitoring services to all district employees and their spouses and any others who were affected. Citing the ongoing investigation, Caldwell declined to say how much the hackers had demanded from the district or whether that demand had been met.
Brett Callow, a threat analyst with Emsisoft, a New Zealand cybersecurity firm, said in an email that the scale and severity of ransomware attacks are on the rise.
“These incidents are becoming increasingly common and increasingly serious with the average demand having increased from about $5K in 2018 to $150K to $250K today,” Callow said. “Multimillion-dollar demands are becoming ever more commonplace. So far this year, at least 63 U.S. school districts and colleges have been impacted by ransomware, impacting learning at up to 1,302 individual schools.”
Callow said the only way to end the attacks is to prohibit payment of demands.
“These attacks happen for one reason and one reason only: they’re profitable,” he said. “If the flow of cash stops, the attacks will stop.”