Date: 2021-10-07

Written by Benjamin Freed



The malicious actors behind a ransomware attack on a Texas school district attempted to get paid this week with what an analyst said appears to be an entirely new tactic: emailing parents of students with the threat that if school officials do not pay, their children’s personal information may be published online.

“We read the news and watched the video in the news article… with a sense of frustration as to how your EDUCATION PROVIDER cares about your data and your personal life,” the email reads. “We can understand that they are trying to cheat us, but they are doing the same with you.”

Allen ISD, which serves nearly 22,000 K-12 students about 30 miles north of Dallas, recognized on September 28 that it was the victim of a ransomware breach that earlier this month disrupted a handful of systems, including the GPS routing software that guides school buses, and sparked an extortion attempt threatening the disclosure of personal information of staff and students on the open Internet.

School officials refused to pay the hackers’ demands and also told local media there is no evidence that the district’s data was exfiltrated. But direct communication with district employees and parents of students is a frightening twist that may represent a new tactic in ransomware attacks against the education sector, said Doug Levin, national director of the K12 Security Information Exchange, a group that monitors cyber attacks on schools and issues policy recommendations.

“The idea of a threatening actor contacting parents is certainly a shift in tactics and an escalation in the way ransomware actors try to extort school districts in particular,” Levin told StateScoop. “It’s a new tactic, and I don’t think it’s something a school district has ever planned. They are put in a very difficult position trying to reassure community members that all data and information they have about students and families is safe.”

Threats by ransomware criminals to disclose their victims’ sensitive information are an almost constant feature of attacks, but these messages are typically received by the system administrators of a victim organization, and not by its customers or, in this case, the parents of school-aged children, Levin said.

“[Allen ISD is] really between a rock and a hard place,” he said. “They don’t want to reward the criminal for this extorting behavior. At the same time, parents would likely encourage the district to do everything in its power to protect the children.”

The message, which was sent on Monday, also opens with a greeting of “Hi,” an apparent acknowledgment by the hackers that their targeted victims are in Texas.

“These threatening actors will follow media coverage of how the incident is portrayed,” Levin said. “If the threat actors don’t feel that the district is an entirely truthful and distorted situation, they are known to get worse.”

With the message to parents, however, Levin said this latest incident is in part a reminder of the wrongdoing by the Lord of Darkness hacking group, which has targeted organizations, including U.S. school districts, by personally threatening to disclose the personal information of employees, parents, and students. But these crimes were more aimed at wreaking havoc with law enforcement, while ransomware is motivated by financial reasons, Levin said.

But the message to Allen ISD’s parents is worrying, he added.

“It’s concerning and I can see how it might work,” Levin said. “The big arc of school cybersecurity is that we are seeing threat actors catching schools across a very large network, but it appears they are targeting schools,” research suggests. “This indicates a certain sophistication in the search for leverage points. When you threaten the safety of their children, it will create waves.”