One of the country’s largest school districts was attacked by a cybercriminal group that encrypted district data and demanded a $40 million payment. Otherwise, the group would delete the files and post student’s and staff’s personal data on the internet.
In a statement Thursday, the organization’s high-payout Broward County Public Schools said it had no information about personal data theft and did not pay the money paid to the payment program, which was released last week. The cybercriminals posted screenshots of online talks with the district as an obvious pressure tactic to a dark website.
Fort Lauderdale’s district said it is working in collaboration with cybersecurity experts to “investigate the incident and restore damaged systems. Efforts to restore all systems are ongoing and well underway. We have no intention of paying the toll.” The district offered to pay $500,000 back and forth for two weeks, so the criminals ended the payment program’s negotiations according to the hackers’ screenshots.
The district refused to comment further in addition to its statement. Broward, with 271,000 students, is the country’s sixth-largest school district with an annual budget of about $4 billion – back when cybercriminals demanded $40 million to be paid in cryptocurrency. Ransomware caused the district network to turn off shortly in early March, but classes were not suspended.
“That’s the amount you can afford,” Conti said at the start of talks with a district official whose name is not visible in the screenshots and has not been announced. Malicious content (Malware) that blocks data is one of the top 10 types of payment software.
“It’s a public school district,” Broward negotiator replied. “You can’t think we have anything close to that!” It was unknown if the representative was a district employee or, as is often the case, a negotiator on hired payment programs.
The FBI usually investigates such cybercrimes but said Thursday it would not endorse if it were investigating the attack.
The pestilence of ransomware attacks has plagued businesses, government agencies, and individuals for three years. Mainly ransomware is used by Russian-speaking groups and tolerant governments in Eastern Europe as a haven. Sophisticated cybercriminal groups pre-determine their targes, infect networks with different malwares using phishing or other methods, and very often steal data while planting malware that encrypts the victim’s network.
Once the payment program is installed and running, cybercriminals will demand money to start the malware and prevent the placement or sale of seized data. In the case of enterprises, this information may be a trade secret. It could be social security, bank accounts, and dates of birth at retailers or government offices. Conte claims he stole student’s and employee’s information, birthdays, and social security numbers from the Bworward system.
Public school districts have mostly been the target of attacks against the payment program. Districts of Fairfax County, Virginia; Baltimore County, Maryland; Hartford, Connecticut; and Fort Worth, Texas, were among those hits the previous year. According to the Cybersecurity and Infrastructure Security Agency (CISA), there has been an increase in primary, secondary, and high schools in recent months. In December, K-12 schools accounted for 57% of all attacks in August and September, compared to 28% in January-July.
Overall, 1,681 schools, colleges, and universities stopped payment software attacks in 2020, and at least 544 so far this year, says Bret Kelli, an analyst from cybersecurity firm Emsisoft. Seven districts have also released their personal information.
Due to the responsibility and shame towards victims, many payment details are not reported. Cybersecurity firms have a good understanding of partial payments, as negotiations between victims and hackers occur on obscure websites. Researchers learn about this through typical malware samples, where offenders typically leave notes on payment programs with demands and guidance. An entire sub-industry has also risen to help victims manage emergencies.
According to Palo Alto Networks, a cybersecurity firm, the average payout for cybercriminal gangs has nearly tripled from $115,000 in 2019 to $312,000 in 2020. The organization’s highest payout doubled from $10 million last year to $5 million in 2019.
In Conte’s negotiations with Broward, after the gang’s initial demand for $40 million, he said he was ready to negotiate: he would accept $15 million in Bitcoin, but it needed to be delivered within 24 hours. Otherwise, they will load the claimed personal information and permanently locks the computer system. Conte said the legal claims against the country for the loss of information exceed $50 million, so he should consider bargaining this claim.
“Pay $15 million so you can guarantee you solve your problem,” Conte told the district.
The district noted that it is unable to do so and does not have access to Bitcoin in any case. Ransomware gangs are demanding payment in cyberspace because it can be challenging to identify.
Conte stepped up the threat, saying he found malicious information about an unknown royal in Broward,s database – a county negotiator found it absurd.
