Minneapolis Schools are Facing a Cyber Ransom of $1 Million
- By Steven
- Mar 16, 2023
The Minneapolis public school district includes approximately 100 primary and secondary public schools. Across those schools, approximately 36,000 students are served by about 1,500 teachers. The district is reportedly suffering from a ransomware attack and is being extorted for a $1 Million payment by a ransomware gang.
How Did the Attack Occur?
According to the Medusa ransomware gang, it has gained access to the schools' files and has encrypted them to bring the network down. Not only does the gang report having access to all the school's major files, but it's threatening to sell the information online if it isn't paid what it's demanding. The gang is demanding an additional payment of $50,000 to give the school an extension to come up with the rest of the money and is planning to sell off the information online if the school doesn't pay the total ransom amount of $1 Million.
What Information Was Viewed or Stolen?
Most of the Minneapolis school district files have been encrypted and presumably copied onto offsite storage for later release by the ransomware gang. The information likely includes contact information, phone numbers, email addresses, medical information, and possibly some financial information about students, teachers, and parents of students. While we don't know for sure that the ransomware gang actually has the information they say they do or that the information will be used in a harmful way, everyone in that school district is at an increased risk because of the cyber attack.
How Did The Minneapolis School District Admit to the Breach?
The Minneapolis School District put out a statement about the recent attack after the ransomware gang put up video footage of the inside of the school's data network. The video is 51 minutes long and shows the gang inside the school network. The video was put up on the gang's Tor website, and it was picked up by Emsisoft's threat analyst Brett Callow. Callow tweeted about the attack and remarked that posting an access video was a new tactic that most ransomware gangs aren't yet using.
What Will Become of the Stolen Information?
The school district has already made a statement saying that it won't pay the ransom demand, and that means the stolen information is likely to be sold off and distributed around the internet. If there are any financial details, Social Security numbers, phone numbers, or other important documents, they will be leveraged in harmful ways in an effort to make money.
What Should Affected Parties Do in the Aftermath of the Breach?
If you're part of the school district and you believe your information is at risk, take steps to secure your financial accounts and monitor your credit. Consider a credit monitoring service or putting a freeze on your credit. Watch your bank accounts and credit cards closely for any suspicious activity. It will take time for the attackers to make use of any stolen information, and it's up to you to watch for problems and to take steps to protect yourself.