Kalamazoo Public Schools District Cyber Attack Claimed by the Interlock Ransomware Group

Written by:
Vishwa Pandagle
Cybersecurity Staff Editor

The cybersecurity incident that the Kalamazoo Public School District (KPS) confirmed and announced this April has recently been claimed by the Interlock ransomware group. The district, which operates 25 public schools, lost internet connectivity, leading to impaired email access.

The Interlock ransomware group operates under the Ransomware-as-a-Service (RaaS) model and encrypts files with the “.interlock” extension. The group gains initial access to a system by offering fake Google Chrome or Microsoft Edge software updates, according to a Cyble report.

Back in April, the district noted that it suffered a network security incident; however, officials believed that it was not a targeted attack against KPS, according to a letter sent to employees and families.

Screenshot of the outage alert posted on the school district's website | Source: Dominic Alvieri on X 

Classes and phone systems remained open while conferences were cancelled. Security researcher Dominic Alvieri posted on X that Kalamazoo suffered a targeted attack impacting the privacy of about 12,000 students.

An alert posted on the school district's website stated that the internet outage continued to impact connectivity until May 1.

Screenshot of the alert addressing the PowerSchool incident | Source: Kalamazoo Public Schools website

In January, KPS posted an alert about the PowerSchool data breach, because PowerSchool provided the district with student information management software. The alert noted that threat actors gained access to PowerSchool's customer data, potentially including that of Kalamazoo Public Schools.

Although a U.S. college student was held and admitted in federal court that he extorted PowerSchool, the impact of the data breach remained unclear. Matthew Lane, 19, gained access to PowerSchool in September by using a compromised contractor's credentials.

Lane and fellow conspirators demanded $2.85 million in ransom for the stolen data. TechNadu reported that multiple school districts were impacted by the breach and were sent ransom notes for stolen data.

We approached the Kalamazoo Public Schools District for their statement. We will update this report after receiving a response.

