Hacking group targets FCPS systems in most recent ransomware attack


Daniel Holtaway, Staff Writer

On Sept. 11, the final day of the first week of the 2020-21 school year, a hacker group going by the name of Maze placed ransomware on FCPS systems. The group posted a few sensitive documents on the dark web, claiming to have access to much more. Then on Oct. 9 it delivered on its threat, publishing on the dark web a spreadsheet from 2014 that included employees’ names and social security details, leaving hundreds of FCPS employees exposed to identity theft.

“This is deeply alarming for our community and we urge FCPS to swiftly resolve the issue, take every action possible to maintain the safety of employee and student data and information and keep the FCPS community informed of all developments,” President of the Fairfax County Federation of Teachers Tina Williams said in a statement.

One company that has dedicated itself to stopping ransomware and phishing attacks altogether is the cybersecurity firm Emsisoft. Emsisoft believes that the only way to stop ransomware attacks is to make them unprofitable, which means not giving in and refusing to pay the ransom.

“Besides providing people with the resources and tools they need to protect themselves against data theft, there is really not much the district can do,” Emsisoft threat analyst Brett Callow said in an interview with News 4 Washington. “The data has been posted, other people may have downloaded it and may use it for nefarious purposes.”

Another seasoned cybersecurity expert, who due to company policy has requested to stay anonymous, has a different viewpoint when it comes to dealing with ransomware attacks.

“If they have already stolen your data, how are you gonna get it back?” the cybersecurity expert said. “You can’t, without negotiating. If they’ve encrypted your systems, you cannot decrypt them, because you do not have the keys that they used to encrypt your systems. It would take years. The least expensive option is usually to pay the ransom.”

The big problem with not paying the ransom is that hackers do not need to receive ransom money to profit from stolen data.

“Hacker groups such as Maze do not need to receive any ransom in order to profit off of the data they steal,” the same cybersecurity expert said. “They can sell the data to other groups, or even use data stolen to commit crimes like identity theft.”

If there is one thing all experts can agree on, it is that prevention is the only way to counter a ransomware attack without losing money.

“It’s almost like buying insurance,” the same cybersecurity expert said. “The first thing we always tell companies is to make sure you are investing enough in securing your systems. The second thing we tell them is to always monitor your systems so you can shut down a ransomware attack as it happens. The third thing we say is that if you already have a game plan for a malware incident it makes you more likely to handle the crisis well.”

In the meantime, FCPS is committed to making sure that its employees are unharmed by the leaked information.

“At this time, it appears that only a subset of individuals in the FCPS community, including just a limited number of students, were impacted by the incident,” FCPS said in a letter sent to employees. “However, out of an abundance of caution, we are offering credit monitoring and identity restoration services for one year at no cost to all current FCPS employees and their spouses and minor dependents, regardless of whether their data was impacted by the incident.”