A hacker group has published employee Social Security numbers, student grades, and other sensitive information from the Clark County School District in Las Vegas after it refused to pay a ransom. The largest school district known to be hit with ransomware since the start of the pandemic announced a breach on Sept. 9, saying certain files couldn't be accessed on computer servers beginning Aug. 27, three days after classes began online. It also told individuals to monitor financial accounts for suspicious activity. Days later, the hacker group released stolen information that appeared to be nonsensitive, Brett Callow, an Emsisoft threat analyst, tells the Wall Street Journal. Then late last week came the release of more sensitive information, including employee Social Security numbers and addresses, and student names, grades, birth dates, schools, and addresses, Callow said. The district has 320,000 students.
With schools moving to remote learning, "the value of doing this has gone up," Evan Kohlmann of cybersecurity firm Flashpoint tells the Journal. Business Insider reports at least 60 US school districts and universities have been targeted this year. Ransom negotiating firm Coveware reports ransom payments for all industries were up 60% to $178,254 in its second quarter ending in June. It adds a decryption tool is delivered in 99% of cases when a ransom is paid. Other school districts have paid ransoms, deciding it's less costly than rebuilding servers. But the FBI advises against this as it encourages other attacks. It's unclear how much money was requested or whether the district has regained access to its servers, per the Journal. It said Monday it is "working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement," per the Las Vegas Review Journal. (More ransomware stories.)