Fresh details of the negotiation between attackers & officials from Broward County Public Schools in Florida, USA, surfaced after a ransomware attack early last month.
The Conti Gang has demanded a $40m ransom from a Fort Lauderdale, FL, school district after a ransomware attack last month. Attackers stole personal information from students & teachers, disrupted the district’s networks, & caused some services to be unavailable.
The incident, which was discovered on Mar. 7 at Broward County Public Schools, gained limited attention at the time of the attack.
However, new details have emerged on DataBreaches.net, which recently posted a screenshot of a chat between attackers & a school district official about the sum of money attackers demanded. That has shed new light on the incident, given the exorbitant nature of the ransom demands.
During the conversation, the attackers, who claim to be from the “ContiLocker Team,” told the official that they had not only encrypted files, but also had downloaded “more than 1Tb of personal data, including financial, contracts, database & other documents” containing Social Security numbers & other personal information about teachers & students.
To decrypt the files & prevent attackers from publishing the info online, the group demanded a ransom of $40m. They told the official that their research revealed that the school district had revenues of $4b, justifying their demand.
Confusion & Shock
The Broward County official responded with confusion & shock. “You cannot possibly think we have anything close to this!” the official stated, according to the screenshot.
The district does not plan to pay up, it commented.
“Broward County Public Schools is continuing to work with cyber-security experts to investigate the incident & remediate affected systems,” the district confirmed in a statement. “Efforts to restore all systems are underway and progressing well. We have no intention of paying a ransom.”
Education Sector Economics
Broward County Public Schools, with 271,000 students, is the US’s 6th-largest school district & does have an annual budget of about $4 billion. However, the ransom demand still shows that “this particular threat actor group is woefully underinformed,” stated 1 security expert.
Even with that level of revenue, a US public school district still would not have the kind of capital on hand to pay so much money to hackers, Chloé Messdaghi, founder of global ethical hacker community WeAreHackerz, concluded.
“US school districts may appear to some to have large budgets, but almost all of those budgets are committed to ongoing expenses that are deeply & contractually committed,” she explained. “There’s little to no discretionary budget, & even core resources are underfunded.”
Indeed, though ransomware groups often ask for ransoms in the millions, the amount demanded from the school district is extremely high, even for the Conti Gang. In Nov., for instance, the group attacked chip manufacturer Advantech, demanding the bitcoin equivalent of $14m from the company, which reported more than $51b in revenue for the fiscal year 2020.
The unrealistic demand also demonstrates that the threat players behind Conti Gang are clearly not from the US, or they would probably know how the finances of public-school systems work, Messdaghi observed.
Asking for such a large sum from the district also shows “the worst of criminal intent — especially at a time when schools are struggling to sustain education in the midst of the pandemic, while taking on the added missions of reaching those kids suffering from food insecurity & unsafe home lives,” she commented.
Student Data Not Affected
Upon discovering the “service disruption, which impacted the availability of certain systems” on March 7, Broward County Public Schools immediately began to investigate with the help of a cyber-security firm, according to a post on its website.
Officials did originally offer to pay $500,000 to attackers, according to a published report. Upon this offer, the Conti Gang ended negotiations, according to the report.
Officials explained that they were not aware of any student or employee personal data that was compromised in the incident but would make the necessary disclosures if any turned out to have been compromised.
“At this point in the investigation, we are not aware of any student or employee personal data that has been compromised as a result of this incident,” the district explained.
“If the investigation uncovers any compromised personal data, the District will provide appropriate notification to those affected. No additional information is being shared to protect the integrity of the ongoing investigation.”
The school district is continuing to determine the scope of the incident as well as to restore its systems to complete functionality while law enforcement investigates the attack.
Educational institutions are among the public entities that have fallen victim to an epidemic of attacks by ransomware gangs in the last year. Last Sept., a ransomware attack on California’s Newhall School District in Valencia affected all distance learning across 10 different grade schools.
That same month, the Clark County School District, which includes Las Vegas, was crippled by a ransomware attack by the Maze gang; data stolen from that attack turned up on an underground forum later that month.
Meanwhile, last summer alone, 4 different universities fell victim to the NetWalker ransomware gang, according to tallies from Avira: The University of Utah (which paid almost $500k); Columbia College in Chicago (ransom status unknown); Michigan State University (no ransom paid); & the University of California San Francisco (which paid $1.14m).
“Ransomware groups are continuing with the trend of data theft in addition to encryption,” Eddy Bobritsky, CEO at Minerva Labs, outlined.
“Devious ransomware operators understand that they can gain an edge in ransom negotiation by threatening not only to lock corporate data, but to leak it as well. Virtually all big ransomware groups have started leak sites where stolen data is published & unpaying victims are shamed.”
He concluded, “This is just another case demonstrating the major problem of Ransomware attacks that are increasing more & more. It doesn’t matter if you are a public school, a contractor dealing with sensitive military data, or a small business with personal client data, they are all targets for this kind of attack.”