Authorities denied a ransom demanded for unlocking district computer servers after they released documents containing Social Security numbers, student grades and other private information stolen from a large public-school district in Las Vegas.
The illegal release last weekend of sensitive information from the Clark County School District in Las Vegas, with nearly 320,000 students, shows an increase in the tactic of hackers taking advantage of schools that rely heavily on learning online and technology to operate during coronavirus. Nationwide epidemic. The district’s information is being reported for the first time by the Wisal Street Journal.
Even before the outbreak, hackers have attacked school districts and other institutions with sensitive information, specifically blocking users from accessing their own computer systems until a ransom is paid. In those cases, so-called rinsomware disabled the operation of the district but hackers did not usually expose harmful information about students or employees.
“The big difference between this school year and last school year is that they didn’t steal data, and this year they do,” said Brett Cullo, a threat analyst at cybersecurity company MCSoft, who said they could easily have accessed Clark County. . Data on hacker website. “If payment is not made, they publish the stolen data online, and it has happened in multiple districts.”
Ransom has been paid in some districts, with instances ranging from 25 25,000 to more than ,000 200,000 found by the journal, which determines that rebuilding servers is more expensive and can delay teaching for weeks. Consultants often advise districts that hackers generally have a good record of freeing control of servers when making payments to entice them to pay in the future.
Administrators at Clark County, the largest school district known to have been hit by ransomware since the epidemic began, did not comment on the information release, but told the Journal Sept. Sent a notice posted on the 9th.
The notice said that on August 27, three days after the school started online, some files could not be opened due to a virus later known as ransomware. Some private information has been accessed, the notice said, and advises individuals to review account statements and monitor credit reports for questionable activity. On Aug 27, district officials noted there were no problems with learning online learning platforms, with a Facebook post confirming the data security incident.
The notice said the district notified law enforcement and began an investigation, including working with third-party forensic investigators to determine the full nature and scope of the incident and secure the CCSD network. The district said it is working to restore all systems to safe, full functionality.
Some parents demanded more information in response to Gust’s Facebook post on 27 Aug. “The safety of our children should be the # 1 priority !!! Give us some peace,” one wrote.
The Federal Bureau of Investigations does not endorse paying ransom, but says it understands that organizations facing inability to act will evaluate all options to protect employees and customers. The agency says paying ransom encourages hackers to target other organizations.
On Sept. 14, the hacker released a stolen district information file to Clark County on its website that appeared to be insensitive, sending him a warning, Mr. K. Lowe said, who could see what was posted by the hacker. However, late last week, Mr. Klowlo said, the hacker loads files of a more sensitive nature, including employee social security numbers, addresses and retirement papers. For students, published information includes name, grade, date of birth, address and a data file with the schools attending the school.
Mr Kallo said he did not need a password to access the information. He said he found links to stolen information in the area of the hacker’s site for “new customers”, as he calls the organizations he holds hostage. He added that the hacker had indicated that the stolen Clark County data had been posted.
Clark County did not respond to questions about the amount of ransom demanded by the hacker. It could not be determined whether the district re-entered its systems.
Rebecca Garcia, president of the Nevada Parent-Teacher Association, which has three children in Clark County schools, said Monday that some of its members are concerned they have not yet heard from the school district when the information was leaked after the journal reported the data breach.
“Going forward at this point, we need transparency, and from a data security standpoint, we need to know what will be done to eliminate it.” “And as parents, we need to be vigilant in monitoring and tracking the identities of our students going forward.”
School districts typically do not declare ransomware attacks or payments made in Bitcoin or other cryptocurrencies, and disclosure requirements vary by state. Some administrators say they want to move on after being plunged into the unfamiliar world of shadow criminals, secret notes in broken English, and the Dark Web.
The ransom amount is often negotiated. In Texas, the 10,000-student Sheldon Independent School District in Houston paid 20 206,931 from its reserve fund after being hacked in March, out of an initial ransom of about, 350,000, district officials said. The district said the attack has made it unforgivable and also threatened the distribution of incoming paychecks. Cyber insurance coverage paid for other costs related to the attack, such as forensic review of servers, according to the district.
“Sometimes people wonder why we paid him.” “It was very important for us to move forward.”
Coverware, a company negotiating a ransom, reported a 60% increase in average ransom payments for all industries to 178,254 in the second quarter ending in June. The firm says that once the ransom was paid, hackers had about 99% of the rate of delivery of decryption tools to hostage companies or organizations.
Write to Townell.Hobs
Copyright Pirate 20 2020 Dow Jones & Co., Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8
.