Online Learning Company K12 Paying Ransom Following Ransomware Attack
Online learning solutions provider K12 Inc., which recently announced changing its name to Stride Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware.
The company said it recently detected unauthorized activity on its network. The attackers deployed a piece of ransomware and accessed information stored on some corporate back-office systems. This includes student and employee information, but Stride has yet to determine exactly what type of information has been compromised.
Stride pointed out that the attack did not disrupt its learning management system, nor any major corporate systems — it claimed accounting, payroll, procurement, enrollment and shipping systems remained operational. It also claimed that data on the learning management system was not accessed during the breach.
However, because the attackers did manage to obtain some information, the company has decided to pay them.
“We carry insurance, including cyber insurance, which we believe to be commensurate with our size and the nature of our operations. We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed,” Stride said on Monday.
It added, “While there is always a risk that the threat actor will not adhere to negotiated terms, based on the specific characteristics of the case, and the guidance we have received about the attack and the threat actor, we believe the payment was a reasonable measure to take in order to prevent misuse of any information the attacker obtained.”
It’s currently unclear what type of ransomware was used in the attack and how much the company is paying to the cybercriminals. SecurityWeek has reached out to Stride for more information and will update this article if the company responds.
The company does not expect the incident to have a material impact on its operations or financial results. It has also created a team of data security compliance advisors, which includes former US Attorneys and Attorneys General, to guide its response to the incident, including in terms of compliance with federal and state laws.
The U.S. Department of the Treasury recently issued an advisory to warn companies that facilitate ransomware payments of the potential legal implications resulting from dealing with sanctioned entities.
A cybersecurity company reported last year that K12 had exposed a database containing nearly 7 million student records.