According to a warning issued by the Cyber Division of the FBI and the Department of Education's Office of the Inspector General on 31 January, a hacker group called “TheDarkOverlord” (TDO) has tried to sell over 100 million private records and as for January, is responsible for over 69 attacks on schools and other businesses.
TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.
The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”
The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from its victims, including students.
According to the report, TDO has also threatened violence in case of failure to meet demands.
Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”
This caused several schools to shut down for few days as a precaution.
TDO was allegedly connected to multiple threats of violence on school campuses, however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”
In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.
The FBI also recommends that victims do not give in to the ransom demands, as it does not guarantee regaining access to sensitive data. Rather, they advice to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.
TDO is also allegedly responsible for the release of over 200,000 records including the PII of over 7,000 students due to nonpayment of ransoms.
The warning describes the group as “a loosely affiliated group of highly trained hackers” who, since April 2016, have “conducted various extortion schemes with a recent focus on the public school system.”
The warning says that TDO uses remote access tools to breach school district networks and steal sensitive data, which they then use to extort money from its victims, including students.
According to the report, TDO has also threatened violence in case of failure to meet demands.
Initially, TDO communicated their demands via email with threats of publicly releasing stolen data, but the warning notes that in September 2017, “TDO escalated its tactics by threatening school shootings through text messages and emails directed at students, staff, and local law enforcement officials.”
This caused several schools to shut down for few days as a precaution.
TDO was allegedly connected to multiple threats of violence on school campuses, however, the report says that while these threats caused panic, they “provided TDO with no apparent monetary gain.”
In a recent incident, TDO threatened to publicize the sensitive behavioral reports and private health information of students.
The FBI also recommends that victims do not give in to the ransom demands, as it does not guarantee regaining access to sensitive data. Rather, they advice to contact law enforcement, retain the original emails as evidence, and maintain a timeline of the attack, if possible.