Ransomware attacks on education systems are continuing to be a major issue.
A recent attack targeted Florida's Broward County Public Schools, the sixth largest school district in the U.S. with 271,000 students and an annual budget of $4 billion.
The ransomware gang encrypted district data and demanded a $40 million ransom payment. The group threatened to delete the data and post personal information of students and staff online if the ransom was not paid. This did cause a brief shutdown of the district's computer systems, but classes were not interrupted.
The school district has said that no personal information was stolen and that it would not pay the ransom.
SecureWorld News recently covered why cyberattacks on schools are rising and what the top attack vectors used against schools are, which you can read about here.
Negotiations with ransomware gang
Despite Broward County Public Schools saying they would not pay the ransom, the district did engage in negotiations with the ransomware gang for a couple of weeks.
Insurance Journal was able to share part of those negotiations, with the ransomware group referred to as Conti. Here is how part of that conversation went:
"In Conti's negotiations with Broward, after the gang's initial $40 million demand, it said it was willing to negotiate: it would accept $15 million in Bitcoin but it had to be delivered within 24 hours. Otherwise, it would upload the personal information it claimed to have and permanently lock the computer system. Conti said legal claims against the district for losing the data would exceed $50 million, so it should consider its demand a bargain."
Conti: 'It is a possible amount for you,'
Broward: 'This is a PUBLIC school district, you cannot possibly think we have anything close to this!'
Conti: 'Pay $15M and you guys are guaranteed to solve your problem.'
Conti upped its threat by suggesting it had found damaging information about an unnamed royal family in Broward's database – an allegation the district's negotiator found absurd.
'What do you mean about a royal family… we are a public school district,' the negotiator replied."
Conti eventually lowered its demand to $10 million, to which the district made a counter offer of $500,000. No agreement was ever reached.
Congress calling for improving security in education
With the significant rise in cyberattacks targeting schools, lawmakers have begun to press the Department of Education to take action.
Two members of U.S. Congress, Doris Matsui and Jim Langevin, wrote a letter to Miguel Cardona, the Secretary of Education, highlighting concerns that cybersecurity threats to K-12 institutions have spiked during the pandemic. They also urged Cardona to issue guidance to educational institutions to help navigate these threats.
"As the U.S. continues to battle the ongoing pandemic, the Department of Education will play a critical role in supporting American families as they navigate the challenges of distance learning and prepare to reenter the classroom safely," they wrote.
"To help ensure schools are keeping pace with the demands of the modern classroom, we urge you to issue guidance that will allow K-12 schools to make needed investments in increased cybersecurity measures.
In light of this well-documented threat, we believe that the Department must be doing everything it can to support schools in protecting the confidentiality of students' data and ensuring the availability of information technology systems essential for learning.
While schools can reasonably interpret this text to indicate cybersecurity costs would be considered eligible expenses, written guidance from the Department to that effect will ensure schools have the information they need to make informed decisions about how to use these funds."
SecureWorld is holding a Gov-Ed virtual conference on June 10, 2021, to help combat these threats. Register now and get the event on your calendar.
