Broward County Public Schools Hit with $40 Million Ransom by Conti Ransomware Gang
BCPS’s Computer System Was the Target of Hackers Who Earlier This Month Demanded A $40 Million Ransom to Prevent the Leakage of Students and Teachers’ Personal Information.
Several weeks ago, the Conti ransomware gang encrypted the systems at Broward County Public Schools and threatened to release sensitive personal data of students and staff unless the district paid an enormous $40 million ransom.
On March 27th, the attackers threatened to leak a vast trove of personal data, including students, teachers, and employees’ social security numbers, addresses, birth dates, and school district financial contact information, as reported by DataBreaches.net.
Upon learning of this incident, BCPS secured its network and commenced an internal investigation,” the statement continued. “A cyber security firm was engaged to assist. BCPS is approaching this incident with the utmost seriousness and is focused on securely restoring the affected systems as soon as possible, as well as enhancing the security of its systems.
Conti ransomware gang told Broward that they had encrypted Broward’s servers and exfiltrated more than 1 TB of data files.
An excerpt of a conversation between representatives of the BCPS and the Conti ransomware gang.
After weeks of negotiations, the hacker eventually lowered the offer to $10 million. Under district policy, that amount is the maximum it can pay without school board approval.
The Fort Lauderdale-based district said it is working with cybersecurity experts “to investigate the incident and remediate affected systems.” The district did offer to pay $500,000, at which point the ransomware criminals apparently ended negotiations.
According to a statement recently released by Broward County Public Schools,
Efforts to restore all systems are underway and progressing well. We have no intention of paying a ransom. At this point in the investigation, we are not aware of any student or employee personal data that has been compromised as a result of this incident.
The district went on to say that it is “not aware of any student or employee personal data that has been compromised as a result of this incident.”
Unfortunately, this is just one target from the massive wave of cyberattacks that started last December. Staff and students at the University of Maryland recently had their private information, such as passports, names, addresses, financial information, and social security numbers posted online.
What’s more, Clop ransomware leaked data stolen from the University of Colorado and the University of Miami, including financial documents, enrollment information, and academic records.
Last month, PC vendor Acer, the 6th-largest PC vendor by unit sales in the world, became the victim of a REvil ransomware attack. The requested ransom is the largest one to date, REvil asking for $50 million.