Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label U.S. Schools. Show all posts

Ransomware Gangs Exposing Private Files of Students Online


Ransomware groups have lately been dumping private documents acquired from schools online. The stolen content included happens to be raw, intimate and graphic. The confidential ‘data’ leaked online involve content as explicit as describing student sexual assaults, psychiatric hospitalizations, abusive parents, truancy, or even suicide attempts. One hacked file shows a youngster pleading, "Please do something," recalling the pain of frequently running into an ex-abuser at a Minneapolis school, while other described some victims wetting their bed or crying themselves to sleep.

More than 300,000 files were posted online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Among those files were complete sexual assault case folios including this information. Medical records, complaints of discrimination, Social Security numbers, and contact information for district employees were among the other data disclosed.

The ‘nation’s schools’ that are lush with data have been a primary target for hackers. “In this case, everybody has a key,” says Ian Coldwater, a cybersecurity expert whose son attends a Minneapolis high school.

Districts – often short of funds – are also short of resources to defend themselves from or even properly respond when attacked, as months after the attack, the Minneapolis administrators did not yet promise to inform about the attack to individual victims.

Families of six students whose sexual case files were leaked reached the Association Press only after getting to know about it through a message from a reporter, alerting them of the leak.

Los Angeles Unified School District caught a ransomware attack in progress last Labor Day weekend, only to find the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. It was not until February that district officials disclosed the breach's full scope.

It turns out that the long-term effects of school ransomware attacks are not in school closures, expensive recovery efforts, or even skyrocketing cyberinsurance premiums. The AP discovered private documents available on both the open internet and the dark web, causing trauma for teachers, students, and parents.

“A massive amount of information is being posted online, and nobody is looking to see just how bad it all is. Or, if somebody is looking, they’re not making the results public,” says analyst Brett Callow of the cybersecurity firm Emsisoft.

Other major cities that experiences a data theft incident include San Diego, Des Moines and Tucson, Arizona. While the severity of attack remains unclear, the authorities were criticized for their negligence in acknowledging and responding to the ransomware attack.

School systems have been slower to respond than other ransomware targets, who have strengthened and segregated networks, encrypted data, and required multi-factor authentication.

As per a report by the Center for Internet Security, a federally funded nonprofit, one in three U.S districts had been breached by the end of 2021. According to analyst Allan Liska from cybersecurity firm Recorded Future , ransomware have affected over 5 million students in US already and the cases are likely to only increase this year.