Ransomware on SLED networks

FBI warns education sector of ransomware threat

Student records hold a trove of personal data -- from basic contact information to sensitive behavioral reports and private health information, making them an attractive target for hackers.

A hacker group called TheDarkOverlord has been trying to sell private records extorted from almost 100 schools and businesses, according to a recent warning by the FBI and the Department of Education inspector general.

TDO used remote access tools to break into school district networks and steal sensitive data. It then threatened to release or sell the sensitive data – and even warned of school shootings -- unless ransom was paid. 

As of this January, the group was responsible for 69 intrusions into schools and other businesses and the attempted sale of almost 100 million records containing personally identifiable information. According to the notice, TDO has already released 200,000 records on more than 7,000 students.

The FBI said it does not recommend schools make a ransom payment when they're threatened, as it does not guarantee they will regain access to data. Instead, the FBI wants schools targeted by the hacker group to contact law enforcement, preserve the evidence of threats and keep a detailed timeline.

 Additionally, the FBI said, schools must do a better job of protecting their networks and data, including auditing and restricting remote access, implementing a backup and recovery plan and apply software or firmware updates as soon as possible.

This article was first posted to FCW, a sibling site to GCN. 


Charter Sponsors