U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

K12 education giant paid the ransom to the Ryuk gang

Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a ransom to avoid data leak. The education company Online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November. K12 Inc. is a for-profit education company that sells online schooling […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a ransom to avoid data leak.

The education company Online education giant K12 Inc. has paid a ransom to the ransomware operators after the gang infected its systems in November.

K12 Inc. is a for-profit education company that sells online schooling and curricula. K12 is an education management organization (EMO) that provides online education designed as an alternative to traditional “brick and mortar” education for public school students from kindergarten to 12th grade, Publicly traded K12 is the largest EMO in terms of enrollment.

K12 publicly disclosed the ransomware attack this week, the incident took place in mid-November and forced the company to shut down its systems to prevent the malware from spreading.

According to the company, the ransomware operator accessed “certain parts” of their corporate back-office systems, the incident might have exposed “some student and employee information” on the affected systems.

The attack did not affect the Learning Management System (“LMS”) that is used to provide educational content to students and to host student accounts.

“K12 Inc. (NYSE: LRN) (“Stride” or “we”) – to be Stride, Inc. effective December 16, 2020 – has detected unauthorized activity on its network, which has since been confirmed as a criminal attack in the form of ransomware.” reads the press release.

“Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident.”

The company quickly initiated incident response procedures and lock down impacted systems, it also notified federal law enforcement authorities K12 retained an industry-leading third-party forensics team to investigate the incident.

This attack did not impact their online Learning Management System (LMS) to deliver educational content or affiliated charter schools. They also state that most major systems, including payroll, accounting, and enrollment systems, were unaffected.

Bleeping Computer has learned aware that K12 was hit by Ryuk ransomware and K12 paid the ransom utilizing their cyber insurance. At the time of this writing, it is not known the ransom amount.

“We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed..” the company told Bleeping Computer.

K12 paid the ransom to prevent misuse of any information the ransomware operators have stolen.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Ryuk)

[adrotate banner=”5″]

[adrotate banner=”13″]