Online school giant K12 Inc pays Ryuk Ransomware

December 16, 2020
ryuk ransomware data leak K12 Inc Online School compromised data

Current on the list of the victim of the Ryuk ransomware is the K12 Inc. that caters online educational program from kindergarten to grade 12. With the ongoing pandemic, the company is attending now to over a million students that choose to take online classes that they offered rather than be in the conventional way of learning in attending class in a standard room.

Since being sold off to the black market as ransomware-as-a-software, Ryuk ransomware became infamous in an instant. With its customizable codes, this has been used to victimize many prominent groups in different sectors from financial companies, health organizations, and educational institutions.

K12 Inc. confirmed that they have been victimized by the Ryuk adversary. Upon discovery, they have already mitigated plans such as disconnecting the network to stop the propagation of the inspection.


K12 Inc.’s official statement stated that the attack happened in November and immediately contacted the authority of proper reporting such incident.


The authority has been working with a professional security individual to aid on the whole process of investigation, negotiation, and further securing the parameter to halt the damage that has been done. They reported that a critical database has been saved from the infection. However, student profiles and few back-office systems have been successfully encrypted and been stolen by the perpetrators. For this reason, they have paid an unknown amount to the adversary by using their cyber insurance to retrieve the stolen data and prevent it from being sold off onto the dark web. By paying the ransom and heed to the perpetrator’s demand, they believed there is a must on their current situation.

Based on the statistics, ransomware adversaries are more active nowadays as successful intrusion means a double edge profit. To ensure that they will profit from the attack, they initially perform data exfiltration before performing the encryption. In this manner, they can ask for ransom money in exchange for file decryption, else, they can sell the exfiltrated data on the dark web wherein many malicious actors can feast on many possibilities on gaining profit out of the leaked information. Thus, many victims heed the perpetrators demand even if the decryption no longer matter, but the prospect of leaked information will indeed inflict damage to the company.

With numerous and growing numbers of organizations being a fallen victim to ransomware, many cybersecurity experts still do not approve of paying any ransom because these adversaries are mostly not true to their promise. Citing examples that an organization paid an enormous sum of money and had believed that stolen data have been already deleted. However, a few weeks later, the same perpetrators contacted the company and ask again for another ransom showing the same data that supposed to have been deleted. With this scenario, experts do advise victims that rather than paying the ransom, should spend the resources in mitigating plans to prevent another attack and proper communication with clients and customers about the possible impact of the breach. Tolerating these perpetrators by paying a ransom will just solve the problem for now, but will haunt us in the future.

About the author

Leave a Reply