Nevada school district refuses to submit to ransomware blackmail, hacker publishes student data

A cybercriminal has published private data belonging to thousands of students following a failed attempt to exhort a ransomware payment from a Nevada school district.

Ransomware is a form of malware that can have a devastating impact on businesses and individuals alike. 

Once a ransomware package has landed and executed on a vulnerable system, files are usually encrypted, access to core systems and networks is revoked, and a landing page is thrown up demanding a payment — usually in cryptocurrencies such as Bitcoin (BTC) or Monero (XMR) in return for a decryption key — which may or may not work.   

See also: Ransomware is your biggest problem on the web. This huge change could be the answer

Ransomware operators target organizations across every sector in the hopes that the fear of disrupting core operations will pressure victims into paying up. It may not be a valid legal expense, but for some, paying a ransom is now considered a new cost of doing business. 

While it is estimated that at least half of organizations struck with a ransomware infection will pay up, others will refuse as to not give in criminal activities — no matter the consequences. 

CNET: US government won’t detail how TikTok is a security threat

In the case of the Clark County School District in Nevada, officials reportedly refused to pay the ransom, leading to the potential exposure of student data. 

First reported on September 8 by the Associated Press, the Clark County School District said its computer systems had been infected with malware on August 27, locking up access to files. 

At the time, it was thought that some employee personally identifiable information (PII) may have been exposed, including names and Social Security numbers, but students were not mentioned. 

TechRepublic: Google removes 17 Android apps designed to deploy Joker malware

The district pulled in law enforcement and cyberforensic investigators to manage the incident. However, this doesn’t appear to have been enough to prevent a leak. 

The ransomware’s operator was holding data hostage in the hopes of forcing the distinct to pay up but was left disappointed, as reported by Business Insider. In retaliation, student information has been published on an underground forum. 

Speaking to the Wall Street Journal, Emsisoft threat analyst Brett Callow said the file dump discovered on the forum claims to include student names, Social Security numbers, addresses and financial information, although what type of financial data has not been disclosed. 

In an update posted on Monday, the Clark County School District said:

“CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals.

CCSD values openness and transparency and will keep parents, employees, and the public informed as new, verified information becomes available.”

According to Coalition, ransomware incidents accounted for 41% of cyberinsurance claims filed in the first half of 2020. Claims following ransomware-related security incidents have ranged from $1,000 to over $2,000,000. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0