Example of a previous ransomware attack conducted by Maze on Cognizant (Photo courtesy of LIFARS)

     Westfield High School, amid a period of tough transition after beginning the 2020 school year virtually, faced a new threat in early September: Maze ransomware. According to NBC, this experienced hacking group broke into the FCPS computer network and obtained personal information of staff and students.


     Shortly after the issue surfaced around September 9, Maze released a zip file on its website with a few documents it had acquired as “proof” of the cyberattack. News4, which had access to Maze’s website, reported that the file included several private administrator letters regarding student disciplinary actions. Additionally, NBC cautioned that confidential staff information, such as social security numbers and salary information, could be at risk.

Maze Ransomware Logo (Photo courtesy of Cyfirma)


     According to Brett Callow, who works at Emsisoft Cyber Security, “It’s more concerning for the staff whose social security numbers could be exposed, whose salary information could be exposed.” 


     Soon after News4 publicly covered this situation, Maze removed the documents it had released. According to NBC, this was because FCPS had begun to negotiate a ransom with the criminals. In fact, Maze had requested millions in ransom in exchange for ending the attack.


     Drew Wilder, the Northern Virginia Bureau reporter in charge of investigating this cyberattack, was more concerned about the fact that the FCPS staff was not notified of the entire situation until it was covered on the news three days after FCPS was contacted by Maze. 


     Gretchen Snyder, Westfield’s Social Studies Department Chair, shared her opinion on the situation: “While I would have liked to be informed before the general public, I’m not sure that there would have been anything for me to do with that information. I cannot speak to what caused the delay from FCPS in notifying staff.”


     Andrew Donnelly, Westfield Physics teacher, similarly stated, “Transparency has not been the normal course of action for our county for some time. I would like to have known so that I can shut down access to my funds and accounts as rapidly as possible. Saving their butts from looking as bad may very well have cost some of my co-workers.”


     “We are taking this matter very seriously and are working diligently to address the issue,” Lucy Caldwell, FCPS spokeswoman, said in the official FCPS statement regarding this event. “We have retained leading security experts to help us investigate the matter and recover from the situation. We also are coordinating our efforts with law enforcement authorities. The protection of our students’ information is a top priority for Fairfax County Public Schools.”


     The statement additionally mentioned that FCPS was collaborating with the FBI on resolving the matter. “We are working closely with the FBI and Virginia State Police and supporting their own investigations to bring the criminals to justice.”


     Despite FCPS’ efforts to combat this issue, a link with a majority of the information acquired by the attack was released on the dark web by Maze on October 9. NBC stated that among the leaked documents shared through the link was a spreadsheet from 2014 containing hundreds of FCPS staff names, social security numbers, and some employees’ health insurance information. Every single one of these individuals is now vulnerable to identity theft.


     Callow added, “Besides providing people with the resources and tools they need to protect themselves against data theft, there is really not much that the District can do. The data has been posted. Other people may have downloaded it and may use it for nefarious purposes.”


     FCPS seemed to largely agree with him, and appeared to prioritize the secure continuation of online learning over a successful and clear end to the cyberattack.


     In a statement sent to News4, FCPS declared, “At this time, our ongoing investigation has revealed that certain personal information for some students and employees may have been impacted. We want to be clear that while our investigation progresses, our focus will remain on delivering a safe, productive virtual learning environment to all of our students. We are working around the clock to identify the information that was taken and will notify impacted individuals as appropriate.”