Dive Brief:
- The Medusa ransomware gang recently claimed responsibility for a cyberattack against Minneapolis Public Schools when the group posted a video and screenshots that included allegedly stolen district data on its darknet website, according to Brett Callow, a threat analyst at Emsisoft, a cybersecurity software company.
- To delete the stolen data, Medusa is asking for $1 million from the 35,000-student district, but it’s also willing to sell the information to anyone at the same cost, Callow said. The leaked files purportedly include information about an alleged student-involved sexual assault, he said.
- MPS, which continues to describe the incident as an “encryption event,” confirmed in a statement on Thursday that the district’s data has been accessed and shared publicly. The district added that there’s no evidence any data has been used to commit fraud and said anyone whose legally protected information has been accessed will receive free credit monitoring and identity protection services.
Dive Insight:
As fewer targets have recently refused to pay ransomware groups after an attack, Callow said, hackers are escalating their tactics to put more pressure on their victims.
It’s not an accident that Medusa posted alleged details of a student-involved sexual assault, Callow said. “Their intention will be to cause outrage so that parents will try to pressure the school into paying to stop the release of further very sensitive information.”
#Medusa has listed Minneapolis Public Schools. #ransomware #MPS 1/3 pic.twitter.com/phMKUMZ1UW
— Brett Callow (@BrettCallow) March 7, 2023
Emsisoft has also tracked ransomware attacks against school districts for the past two years. In 2022, 45 school districts overseeing 1,981 schools faced a ransomware attack, the company found. The prior year, 1,043 schools across 58 districts were affected by these attacks, according to Emsisoft.
One of the most prominent district ransomware attacks in 2022 came against Los Angeles Unified School District, where highly sensitive health records including psychological evaluations of about 2,000 students were leaked.
The Emsisoft data likely only scratches the surface of the actual number of ransomware attacks impacting school districts, as there’s generally still “far too little transparency around the issue of ransomware,” Callow said. Keeping these attacks out of the public eye can create issues among policymakers, too, he said, because they can’t track whether the attacks are actually increasing or decreasing.
Federal efforts are underway, however, to bulk up the nation’s cyberdefense, as the White House just released a National Cybersecurity Strategy in March. Ed tech experts have said they’re cautiously optimistic, but they say quick follow-through is needed at all levels of government to protect vulnerable school districts from attacks.