Posted on April 2, 2021 at 7:03 PM
An international hacking syndicate has compromised a Florida school district and demanded $40 million as ransom. The hacking group threatened to release the records of teachers and students if the ransom is not paid.
However, the threat actors later cut the ransom to $15 million, on condition that the district pay in Bitcoin. This prompted the district rep to say that the district doesn’t have any Bitcoin.
1TB of data stolen
According to a March 26 transcript, the Conti malware group negotiated for two weeks with Broward County Public Schools over the ransom demand.
The hackers revealed to the district that they had access to the personal data on March 12, five days after the attack that led to the temporary shutdown of the district’s computers.
“The bad news is that we hacked your network and encrypted your servers,” the hackers stated.
The hackers added that they downloaded over 1TB of the personal data belonging to the teachers and the students of the schools.
The hackers reiterated that they decided to bring down the ransom amount because they are in it for business and don’t want to ruin the district’s reputation by releasing the data. They stated that it is up to the district whether the data is released to the public or kept secret.
The Conti group added that the district will be subject to massive court and government fines if the file is released to the public. The group also stated that the district has enough Bitcoin to pay the ransom because it has seen the district’s records.
District rep offers only $500,000
The district rep did not confirm or deny the authenticity of the transcript but said the district has no intention of meeting the hackers’ demands.
The rep said the amount requested is too high for a school funded by taxpayers’ money.
“This is a weekend and we could not even pay you $10 today let alone millions when our bank is closed,” the rep reiterated.
The threat actors later dropped the ransom price to $10 million. However, the district rep insisted it doesn’t have that kind of money, but can afford $500,000 for the data.
But the hackers replied that the school records show that the district has revenues of over $4 billion. “So it is a possible amount for you,” the hackers stated.
The district rep didn’t reply to questions when asked why the district chose to offer $500,000 for the data. But it seems the amount is the limit Broward Public Schools can afford without requiring approval in a public meeting.
The investigation into the hacking incident is ongoing, but a statement from the district noted that no case of a teacher or student data breach has been discovered. It added that there are ongoing efforts to restore the systems.
The threat actors responsible for the hacking incident have been identified as the Conti Group, which emerged late last year. The hacking group has been tied to over 300 attacks within the past five months.
They have a wide range of targets, including school districts, hospitals, and local governments.
The group is also part of a broader spectrum of hackers that demand million-dollar ransoms from their victims. These groups operate out of Russia or other regions that don’t share extradition treaties with the U.S. This means that even if they are caught, it will be difficult to get them to the U.S. to face charges.
Investigation into the attack is ongoing
Broward County Public Schools revealed that it recently discovered that some of its systems within the BCPS computer network were compromised. The district noted that, after learning about the incident, it secured its network and immediately commenced an internal investigation.
The district also said it has engaged a cybersecurity firm and informed authorities about the incident. It added that several measures have been taken to secure the systems against further ransomware attacks.
Doug Levin, a cybersecurity expert, said there is no honor among hackers who are targeting schools. He added that it doesn’t paint the hacking group in a great light to demand such a ransom from the school district.
At the time of writing, parents of the impacted schools have not been informed yet.