Virginia school district open despite LockBit ransomware attack

A school district in Virginia has managed to keep classrooms open despite facing an attack from a notorious Russian ransomware gang.

Fauquier County Public Schools runs 20 elementary, middle and high schools for more than 11,200 students. The county is about an hour from Washington D.C.

A spokesperson for the district confirmed to Recorded Future News that it suffered a ransomware attack on September 12 and “immediately engaged cybersecurity experts and notified the appropriate law enforcement agencies.”

“Upon learning of this, we took immediate action to begin an internal investigation and created an incident response team that includes some of the country’s leading cybersecurity experts. Fortunately, the impact was minimal and we have been fully operational,” they said.

“At this time we do not believe that any personal student or staff information has been compromised. We are grateful to our teachers and staff who have remained focused on the education of our students.”

The LockBit ransomware gang said on Sunday that it was behind the attack, giving the school district until October 19 to pay an undisclosed ransom for an unknown amount of data. The school district did not respond to requests for comment about what information may have been taken or whether a ransom would be paid.

#Lockbit #ransomware group has allegedly #hacked the Fauquier County Public Schools (@FCPS1News), a public school district in #Virginia, #UnitedStates… pic.twitter.com/RJtsQqOhkO

— BetterCyber (@_bettercyber_) October 1, 2023

Since the school year began, dozens of K-12 schools and universities have faced attacks by ransomware gangs.

Ransomware groups have made a point of targeting schools at the beginning and the end of school years, hoping that the pressure of opening day, final exams and graduations will force schools into paying exorbitant ransoms.

Prince George’s County Public Schools — about an hour and a half away from Fauquier County — suffered its own attack on August 15 which brought down the schools’ email and phone lines.

Over the last two months, ransomware gangs have added dozens of K-12 schools to their leak sites, a continuation of a trend last school year, when schools in Minnesota, Iowa, West Virginia, California, Pennsylvania, New Hampshire, Arizona, Massachusetts and more dealt with outages as well as the theft of sensitive student and employee data.

While some have faced days-long shutdowns, others have been able to avoid being grievously affected by attacks.

Most prolific ransomware groups as of September 2023.

The LockBit ransomware gang continues to operate with near impunity, remaining the most prolific attackers currently operating. The gang crippled a major hospital network in New York, a city in France and an electrical organization run by the government of Montreal all in the last month.

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.