fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

K12 Online Schooling Giant Pays Ryuk Ransomware To Stop Data Leak

K12 Online Schooling Giant Pays Ryuk Ransomware To Stop Data Leak

Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November.

K12 creates tailored online learning curriculums for students to learn from home while in kindergarten through 12th grade. Over 1 million students have utilized K12 to learn from home rather than in traditional public school environments.

K12 announced this week that they suffered a ransomware attack in mid-November that caused them to lock down some of their IT systems to prevent the attack’s spread.

“In mid-November, we detected unauthorized activity on our network, which has since been confirmed as a criminal attack in the form of ransomware.  Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident,” K12 told BleepingComputer in a statement.

Also Read: How to Send Mass Email Without Showing Addresses: 2 Great Workarounds

This attack did not impact their online Learning Management System (LMS) to deliver educational content or affiliated charter schools. They also state that most major systems, including payroll, accounting, and enrollment systems, were unaffected.

However, the attackers did gain access to some back-office systems that contained student data and other information.

K12 paid Ryuk ransom to prevent data leak

Sources in the cybersecurity industry have told BleepingComputer that the Ryuk ransomware hit K12 Inc.

When performing attacks, the Ryuk ransomware gang is known to steal unencrypted data before encrypting devices. This data is then used in ‘double-extortion’ attempts where the ransomware gang threatens to leak stolen data if a ransom is not paid.

As the leaking of student data would be disastrous for any company, K12 utilized their cyber insurance to pay the Ryuk ransom. It is not known how much was paid, but as part of the payment, K12 was assured by the threat actors that they would not release stolen data.

“We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed..”

“While there is always a risk that the threat actor will not adhere to negotiated terms, based on the specific characteristics of the case, and the guidance we have received about the attack and the threat actor, we believe the payment was a reasonable measure to take in order to prevent misuse of any information the attacker obtained,” K12 announced.

Ransomware negotiators have been increasingly warning that threat actors are not always keeping their promises regarding stolen data.

Also Read: How a Smart Contract Audit Works and Why it is Important

Due to this, ransomware negotiation firm Coveware tells victims that it does not make sense to pay a ransom as there is no way to know for sure if data will be deleted or misused in the future.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us