Hackers who wanted $40 million in ransom from a Florida school district that refused to hand over the money recently published almost 26,000 stolen files.
According to the Associated Press (AP), “Many of the files, dated from 2012 to March 2021, contain Broward School District accounting and other financial records, which include invoices, purchase orders, and travel and reimbursement forms, the South Florida SunSentinel reported.”
However, none of the files the newspaper reviewed so far contained anyone’s Social Security numbers.
The AP article continued:
The international malware group Conti posted the files Monday, the newspaper reported. Last month the hackers posted a transcript of a conversation with an unidentified Broward schools representative which offered to pay $500,000 to retrieve data. The hackers initially demanded $40 million but dropped the price to $10 million. On March 31, the district announced it had no intention of paying a ransom.
In a statement, Kathy Kochhe, the district’s chief communications officer, said officials are determining their next step and will notify those whose personal information was posted.
“Cybersecurity experts are continuing to investigate the incident and enhance measures system-wide,” the statement read.
The district also shared additional information regarding the breach on its website.
“The school district has an annual budget of about $4 billion — a fact the hackers kept returning to as they demanded $40 million, to be paid in cryptocurrency,” the AP article said, adding that some confidential material was posted.
In September, confidential personal data was compromised by hackers targeting the Clark County School District in Nevada.
“A cybersecurity firm claims that the hackers publicly released all of the documents they gained access to after the district refused to pay the ransom. The compromised data includes the social security numbers of district employees,” Breitbart News reported.
In June 2019, the City of Riviera Beach, Florida, agreed to fork over $600,000 ransom in Bitcoin form to hackers who encrypted its data, deciding efforts to fight the theft would be more expensive and likely pointless.
However, the Federal Bureau of Investigation (FBI) “does not support paying a ransom in response to a ransomware attack.”
“Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” its website reads.
The Florida school district’s chief information officer recently warned the school board another cyber attack may affect its ability to pay workers and keep school doors open.
“Phil Dunn requested $20 million to enhance the district’s cyber-security efforts, and the board plans to make a final decision soon,” the AP report concluded.