Hundreds of schools affected by ransomware infection; hackers expose students and teachers’ sensitive data

The School District of Fort Lauderdale, Florida revealed that its systems were affected by a ransomware attack perpetrated by the hacking group Conti over a month ago. The attackers reportedly managed to compromise the information of students, teachers and staff from hundreds of schools, demanding a $40 million USD ransom in exchange for restoring affected services.

The incident was first reported in early March, when threat actors posted screenshots of their conversation with a school district official, although the hackers' demands were unknown at the time. In this conversation, the hackers claim to have downloaded about 1TB of sensitive information, including personal records, contracts, databases and other documents.

School district authorities say the incident does not involve students’ confidential information, although threat actors said they were also able to access all personal data stored on these systems.

A couple of weeks later, it was confirmed that the hackers had demanded a $40 million USD ransom, justifying the figure by claiming that the school district could generate up to $4 billion USD a year; after receiving an offer of $500,000 USD, the hackers canceled negotiations. In this regard, a representative of the school district mentioned, “We will not pay the ransom, it is impossible for us to have access to those amounts of money.” The representative added that the school district was already working with cybersecurity specialists and hoped to restore the affected systems shortly.

While the latest figures indicate that Broward County public schools receive an annual budget of about $1 billion USD, it should be mentioned that this money cannot be considered as income for the school district, as these resources are fully used in payroll, maintenance, and all public education-related expenses.

Chloé Messdaghi, founder of the ethical hacking community WeAreHackerz, said: “Many believe school districts have large budgets, but almost all of that money is already committed to ongoing expenses set out in annual contracts; there really is little or almost no discretionary expense.”

That’s why paying this ransom is virtually impossible, even if the hackers reduced their demands; such reductions are common, and experts consider them part of the negotiation process. On the other hand, some experts believe that the attackers' lack of understanding of how school district money is used in the U.S., together with the excessive ransom demanded, is a clear indication that the hackers behind the Conti ransomware operate in some foreign country.
