Conti ransomware has hit the systems of one of the largest school districts in the United States. Cybercriminals encrypted the district's data and made a bizarre US$40 million ransom demand to release it.
The hackers said that if the amount is not paid, the personal information of students and school staff will be published on the dark web.
In the United States, school districts are responsible for the administration of all public schools in a given region.
According to a statement from the Florida district, the group of hackers behind the attack is known as Conti. They took over the attack on March 26 and started negotiating with school representatives.
After the initial US$40 million demand, the group said it was willing to negotiate: it would accept US$15 million in Bitcoin, but the sum had to be paid within 24 hours. Otherwise, it would publish students’ personal information and permanently block systems.
A school representative offered US$500,000, which appeared to close the deal, according to the following image.
The school district said, this Wednesday, March 7th, in a press release:
Sixth largest in the USA
With more than 270,000 students, the district is the sixth largest in the United States, with an annual budget of around US$4 billion – a fact the hackers likely knew, since in ransomware attacks criminals often set their demands according to the victim’s profile.
The ransomware caused a brief outage in school district systems in early March, but classes were not interrupted.
The district suggested it was unable to pay and, in any case, did not have access to that amount of money.
Ransomware gangs require payment in cryptocurrencies to make the payments harder to trace.
An epidemic of ransomware attacks has been plaguing government agencies, businesses, and people for the past three years. Most are carried out by Russian-speaking groups based in Europe that enjoy a safe haven provided by governments tolerant on the issue.
The most sophisticated groups identify their targets in advance, infect networks through phishing or other means, and often steal data while planting malware that encrypts the victim’s network.
After the ransomware is activated, criminals demand payment in cryptocurrencies, such as Monero or Bitcoin, to unlock the systems – or they sell the stolen data. In the case of companies, this data may be trade secrets. In the case of government agencies, it may be personal data.
Public school districts have been a frequent target for ransomware attacks worldwide.
Overall, ransomware attacks have already paralyzed 1,681 schools in the U.S., as well as colleges and universities. In all, seven districts in the country have already had their data published on the dark web.
According to a clearskysec report, Conti was created by the ‘Wizard Spider’ Russian hacking group. CONTI ransomware is an evolution of one of the group’s most successful ransomware families, Ryuk. CONTI is a more accessible version of Ryuk, built for distribution by affiliates in a ‘Ransomware as a service’ model. CONTI ransomware was first spotted by cybersecurity teams in May 2020 and claims over 150 successful extortion attacks by the end of 2020, with at least $20M in revenue paid by the victims.