Virginia public schools, new target of ransomware attacks. Will the authorities pay the ransom?

Ransomware incidents keep popping up while victims face a crossroads: try to recover their files on their own, or negotiate with the attackers and pay a ransom. This time, cybersecurity services experts have detected a new attack against multiple public schools in New Kent County, Virginia.

In this regard, Superintendent Brian Nichols mentioned that “during the incident the files located on the hard drives of the school district’s computers were encrypted, so for now it is not possible for the school system to access this information.” Simply put, it is now impossible for the administrative staff of these schools to do their jobs as normal, and they will have to work on forced marches to start the school year as planned.

It is necessary to remember that a ransomware attack consists of a malicious program that encrypts the files of a computer or system, demanding a ransom in exchange for restoring normal access to the compromised information; hackers generally demand that this payment be made via transfers of cryptocurrencies such as Bitcoin. According to experts in cybersecurity services, ransomware is typically developed by groups of cybercriminals without affiliation to political organizations, although some of the most dangerous variants of this malware have been developed by groups of hackers backed by governments in countries such as Russia or North Korea.

In subsequent statements, Superintendent Nichols mentioned that the school district has hired the services of a group of experts in external cybersecurity services. In addition, he said the investigation is progressing well and pledged to continue sharing updates on the incident. “The FBI and Federal Police are also collaborating on the investigation; although this process has not concluded, we can assure you that we have found no evidence to prove the theft of confidential information,” Nichols says.

For now, state authorities do not plan to change the start date of the school year, so New Kent schools will open the same day as the rest of public schools in Virginia, “we will try to keep student registration systems ready for the first day of school,” the superintendent added. So far it is unknown whether local authorities have considered paying the ransom to hackers, although this measure is, for obvious reasons, very risky.

In the most recent months, cybersecurity services specialists from the International Institute of Cyber Security (IICS) have reported at least ten incidents of ransomware attack on school systems in U.S. states such as Florida, Idaho and New York. Nevertheless, the most impactful case occurred in the state of Louisiana, where a group of threat actors were able to fully encrypt access to the systems of an entire school district. To an unprecedented extent, the state governor declared a state of emergency throughout the territory, leading to the intervention of federal security agencies and the restructuring of the IT systems throughout the affected district.