Hackers Demand $40M in Ransom From Florida School District

[mood]

Hackers Demand $40M in Ransom From Florida School District

District officials say they have no intention of paying the ransom

 

Hackers left district leaders stunned when they broke into systems belonging to Broward County Public Schools and encrypted district data in a recent ransomware attack.

 

 

The criminals attempted to collect a $40 million ransom and threatened to erase files and post students' and employees' personal information online if the money was not paid.

 

Officials with Broward County Public, one of the nation's largest school districts, said in a statement that initial investigations find no indication that any personal information was stolen.

 

During several days of communications, which were captured in a transcript obtained by the Sun Sentinel, a district official tries to negotiate a lower price for the ransom and explains the district does not have access to enough funds to pay the exorbitant fee requested by the attackers. The district offered to pay $500,000, but negotiations broke down soon after.

 

The district says it is working with experts to investigate the incident and remediate affected systems. Officials have no plans to pay the ransom now.

 

Other public school districts have also been victims of ransomware attacks in recent years. Disctricts in Baltimore County, Md.; Fairfax County, Va.; Hartford, Conn.; and Fort Worth, Texas, all reported being hit in the last year. 

 

More details on the attack can be found here.

 

 

Source: Hackers Demand $40M in Ransom From Florida School District

[mood]

School District’s Files Leaked in $40m Ransomware Attack

 

 

A South Florida school district that refused to pay its cyber-attackers a $40m ransom has had thousands of its files leaked online. 

 

Broward County Public Schools was targeted by the Conti ransomware gang at the beginning of March in an attack that caused a shutdown of its computer system but left classes undisturbed. 

 

Conti demanded that the sixth-largest school district in the United States hand $40m of its annual $4bn budget over to them. 

 

In a transcript published by the gang, a negotiator for the district allegedly said that the ransom demand was impossibly large and countered with an offer to pay $500k. The ransomware gang turned the offer down but dropped their demand by three quarters to $10m. 

 

On March 31, the office of Broward's chief communications officer, Kathy Koch, released a statement declaring that although the district "is aware of the recent actions taken by the criminals who breached our system,” it had no intention of paying those criminals a ransom. 

 

On April 19, Conti published nearly 26,000 files that had been exfiltrated from the school district. Reporters at the South Florida Sun Sentinel who reviewed the data found "a few isolated incidents where confidential student or employee information was released."

 

The 25,971 files date from 2012 to March 2021 and chiefly contain financial records, including purchase orders, invoices, and travel expenses claim forms. 

 

While no Social Security information was found amongst the leaked data, it did include several employee phone lists. 

 

Personal information belonging to one nine-year-old student was exposed on an invoice from the state health department. 

 

The Sentinel reported that most of the Broward data published by Conti is already a matter of public record. Among the information are payments to local police departments and the Broward Sheriff's Office for security, utility bills, 750 mileage reports, and over 700 invoices for spring water. 

 

In the hope of preventing another cyber-attack on Broward, the school district's chief information officer, Phil Dunn, has requested $20m for cybersecurity enhancement. He warned the school board last week that another hit could be devastating.

 

 

Source: School District’s Files Leaked in $40m Ransomware Attack