Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Governance & Risk Management

K12, Online Curriculum Provider, Pays Ransom to Hackers

Ransomware Attackers Exfiltrated Data
K12, Online Curriculum Provider, Pays Ransom to Hackers

K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.

See Also: LIVE Webinar | Stop, Drop (a Table) & Roll: An SQL Highlight Discussion

The attackers accessed parts of K12's back office system and exfiltrated certain student and employee information, although the company is still investigating exactly what data was accessed, according to a statement.

"We carry insurance, including cyber insurance, which we believe to be commensurate with our size and the nature of our operations. We have already worked with our cyber insurance provider to make a payment to the ransomware attacker as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed," the company says.

K12 acknowledges that there is a risk the attacker will not adhere to the negotiated terms. But based on information gathered on the threat actor through a third-party adviser, the company believes the payment will help prevent any misuse of the stolen data.

The company did not identify the cyber gang involved, the ransomware variant used, when the attack occurred or the ransom amount that was paid.

A K12 spokesperson could not be immediately reached for additional comment.

FBI Warning

The FBI says ransomware victims should avoid paying the hackers because there is no guarantee they will fulfill their promises, such as providing an decryption key or refraining from publishing stolen data.

Paying a ransom “encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” FBI guidance states.

Impact on K12

K12, which is rebranding itself as Stride Inc. as of Dec. 16, says the attack did not affect its "learning management system" that is uses to deliver educational content to students and host student accounts.

"No data on the [learning management system] was compromised nor has the delivery of services over the LMS been interrupted in any way. Our client schools - charter and district online schools - are still open, operating and secure, as they have been since the start of the pandemic," the company says.

K12 also says its primary corporate systems, including payroll, accounting, enrollment, financial reporting, procurement and shipping, were not accessed by the hackers and have remained operational through this incident.

"This investigation is active and ongoing, and our systems are operating with minimal impact,” the company says. “Based on the information currently known and our investigation to date, we do not believe the incident will have a material impact on our business, operations or financial results.”

K12 says it has assembled a data compliance advisory team comprising former state and federal legal professionals, including Catherine Hanaway, former U.S. attorney for the Eastern District of Missouri; William Lockyer, former California state attorney general; and John Byron Van Hollen, former Wisconsin state attorney general and former U.S. attorney for the Western District of Wisconsin.

Schools in the Crosshairs

The educational sector has been hit hard by ransomware this year. For example, the Baltimore County Public Schools system halted online learning for all of its 115,000 students for three days following a Nov. 24 ransomware attack (see: Audit Found Baltimore County Schools Lacked Data Security).

Baltimore County schools re-opened Wednesday while the district continued to recover. The attack affected the district's website, email, grading system and its online educational tools, forcing it to shift platforms so it could resume virtual classes, Superintendent Darryl Williams said at a Tuesday press conference.

Other school districts recently hit with ransomware include Huntsville City Schools in Alabama and Toledo Public Schools in Ohio.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.