FBI supervisor tells Virginia school IT leaders ransomware, phishing and credential theft remain top threats

An FBI cyber supervisor told attendees at Virginia CyberCon that K‑12 systems are a frequent target for ransomware, extortion and credential‑theft operations, and urged school IT leaders to plan ahead and coordinate with law enforcement.

Chris Koch, supervisor of the FBI cyber squad in Richmond, described common attack patterns including ransomware, "double extortion" (where attackers both encrypt and threaten to publish stolen data) and denial‑of‑service attacks timed to interfere with exams or other critical events. Koch said many incidents begin with a compromised account or internal misconfiguration.

"When systems go down, learning stops," Koch told the conference, pressing school technology leaders to prioritize layered defenses: multifactor authentication, network segmentation, tested backups and staff training. He also encouraged school divisions to establish relationships with their local FBI field office and with federal partners so incident response can proceed quickly if an intrusion occurs.

Koch said the FBI routinely coordinates with local incident‑response teams and other federal partners to track intrusions, and that sharing log files and technical indicators can help identify overseas actors. He recommended that districts plan in advance for incident response, keep contact lists current, and make sure counsel and vendors know how and when to share forensic data.

Koch also highlighted crimes that affect students directly, including sextortion and scams that target families, urging districts to include student education and parent outreach in broader cybersecurity planning.