Date: 2021-03-31

A screenshot shows an exchange between a Broward County Public Schools official and hackers who breached the school district’s computer system. The hackers want millions of dollars in ransom. The district has said it’s not paying ransom.

Hackers breached the Broward County Public Schools’ computer system earlier this month and threatened to release sensitive information, including students’ and teachers’ personal data, unless the district paid $40 million.

The district told parents about an internet outage on March 7 that disrupted online learning, but it appears the incident was far more serious than first reported and that it remains ongoing.

As first reported by the cybersecurity blog Databreaches.net, the district was the victim of a hacking group trying to extort millions of dollars for the stolen records that the hackers said included pupils’ and employees’ Social Security numbers, addresses and dates of birth, as well as information on district financial contracts.

The hackers breached the district’s computer network and encrypted its servers.

They then published, on a site read by hackers, screenshots of a text exchange from about two weeks ago between them and a district official. The screenshots appear to show a negotiation for the district to get its files back. The Miami Herald saw those screenshots.

Text exchange includes $40 million ransom demand

In the beginning of the exchange, the hackers demanded $40 million or else they would release the information online.

“The good news is that we are businessmen. We want to receive ransom for everything that needs to be kept secret, and don’t want to ruin your reputation,” the hackers wrote. “The amount at which we are ready to meet you and keep everything as collateral is $40,000,000.”

The school district official replied: “I am ... speechless. Surely this is a mistake? Are there extra zero’s [sic] in that number by mistake?”

District: ‘No intention of paying a ransom’

The district released a statement Thursday saying that it has hired a cybersecurity firm to investigate the attack. It also said it’s working on getting back all of its files and that it has “no intention of paying a ransom.”

The statement also cast doubt on the hackers’ claim that they had student and employee personal data.

“At this point in the investigation, we are not aware of any student or employee personal data that has been compromised as a result of the incident. If the investigation uncovers any compromised personal data, the District will provide appropriate notification to those affected.”

In the online chat with the hackers, the school district official tried to explain that, as a taxpayer-funded entity, the district could not just hand over $40 million.

The hackers countered that if they were given $15 million within the next 24 hours, “we will give you the decryption-tool and delete all leaked files from our servers. Otherwise, we will have to upload all 1.5 [terabytes] of leaked files on the blog and delete the decryption-tool for your network in order to continue our work with other companies.”

The official said the hackers did not understand that the district did not have “revenue” on hand that it could freely spend on demand.

“I think there is some confusion about the term revenue. We do not HAVE revenue. This is not a business and we do not have ‘profits.’ We get money from the state every year, and that money is pre-spent on teacher salaries and education resources.”

Bitcoin is mentioned

The exchange became bizarre, with the hackers claiming the district did have the money in the cryptocurrency Bitcoin.

There were several back-and-forths on this subject, with the official becoming increasingly frustrated and suggesting that the hackers had likely targeted the school district by mistake while meaning to attack a for-profit company.

“Back to this again? Why can’t you understand this? We are a SCHOOL. A public school. Public = free. Like free to come here. We collect no tuition or revenue or profits or whatever it is you think we have. And we certainly do not have even $1 in Bitcoin, forget about $15 million. We will fail until you can understand and agree your price is incorrect, and until you give us a fair price.”

The district did not respond to a question asking if law enforcement was involved in the matter. In its statement, it said it is working on protecting its network against future ransomware attacks.

“Broward County Public Schools is committed to protecting the data on its systems. Unfortunately, all organizations face increasingly sophisticated and malicious threats to cybersecurity. To help protect against these types of incidents, the District has taken steps to enhance the security of its systems, including additional administrative, technical and physical safeguards.”

Ransomware attacks becoming more common

According to the U.S. Cybersecurity and Infrastructure Security Agency, ransomware attacks are a growing and ever-evolving problem for private companies, critical infrastructure utilities and government agencies, including school districts.

The malware encrypts information in a computer system, rendering any file on it unusable. The hackers then demand ransom in exchange for the decryption of the information.

There are a variety of ways for hackers to install ransomware, but one of the most common is tricking people into clicking on a link in an email.

“Never click on links or open attachments in unsolicited emails,” CISA says on its website.