Hacker Group MAZE Attacks FCPS

While students are staying home and wearing masks to avoid contracting the coronavirus, FCPS has been infected with another type of virus. On Friday, September 11, a ransomware group called Maze hacked into the Fairfax County Public Schools (FCPS) technology system and held personal information for ransom. As of October 26, it is unknown how much information they have, and the details about the attack are being held back until the investigation is complete. However, Maze uploaded a zip file to show proof that they successfully stole data from the school system.

What Maze did is called a ransomware attack, which is when an attacker blocks a victim’s data or system and then demands a payment from the victim to unblock the data and make it accessible again.

“The most common attack vector is a phishing attack where an email is sent with a malicious attachment that they hope the victim will click on or open,” said Ryan Dillon, technology support specialist. 

This is not Maze’s first time, as they claimed they attacked other school districts across the U.S., hospitals and clinics and cybersecurity insurance company Chubb. FCPS says it is “taking this matter very seriously and [is] working diligently to address the issue.” Although this attack did not directly affect virtual learning classes, it still posed a threat to the FCPS community’s internet safety. 

“I was really shocked and scared to see that someone could have my personal information,” said senior Priscilla Bae. “It made me concerned.”

Cartoon by Ariana Tackett

Taking the precautions to make sure that cybercriminals cannot gain access to one’s personal or financial information is crucial, especially since students are shifting schoolwork to the internet with FCPSOn, which is FCPS’s program that provides all students with a personal laptop.

“People need to take hacks seriously as they can lead to larger real-life problems,” said Dillon. “A malicious person that gains access to personal information may be able to ‘steal’ your identity and apply for loans and credit cards in your name.”

Fortunately, both Woodson and FCPS provide numerous resources that can help students, staff and the community to make sure that they are taking the necessary steps to secure their information. For example, in the FCPS Student Rights & Responsibilities, it states that students “are prohibited from downloading inappropriate or illegal material on FCPS computers or networks.” Students are also “not to reveal personal information (last name, home address, phone number) in correspondence with unknown parties” and can “only use software or apps on FCPS devices or networks that have been approved.” These strict technology policies may seem obvious, but they are the easiest ways to prevent malware.

Another way to make sure that one’s computer is not susceptible to malware is to run a health check. Health checks run a series of tests that can determine if the computer is functioning properly, if the computer is up to date, and if there is any malware present. 

Updates come out frequently for browsers like Chrome,” said Dillon. “Windows and Mac OS are regularly patched. A computer should have antivirus software.” To run a health check on an FCPS-issued laptop, one can click the “Health Check” icon on the desktop. 

Although cybercriminals can still gain access to your device, taking small steps can lower those chances. 

“I make my accounts private, create strong passwords, and I don’t go on websites where I could potentially get hacked,” said Bae. “I try not to leave my information out there.”