Hackers published sensitive data, including the names and social security numbers of staff at the Clark County school district in Nevada, after it refused to pay up, according to a cybersecurity firm.
Brett Callow, a Threat Analyst at cybersecurity firm Emsisoft, told Fox News that the hackers “posted 100% of the documents that they claim to have stolen” from the Clark County School District (CCSD), totaling about 25 gigabytes of data.
Callow said the sensitive data has been posted to the regular web and the so-called dark web. The latter is not indexed by search engines and parts of it cater to the cybercriminal underworld where sensitive data is bought and sold.
Fox News has reached out to the district with a request for comment.
In the notice, CCSD said, “certain current and former employee information may have been accessed or acquired by the unauthorized actor.” As a result, the school district is notifying staff “whose name and Social Security numbers were present in the affected systems at the time of the incident," characterized as a ransomware attack.
In a textbook ransomware attack, the attacker locks critical files and then provides instructions on how to unlock the files — provided that the victim pays.
In this case, the CCSD did not pay the ransom. If an organization pays the ransom, the criminals would "supposedly" destroy the stolen data, Callow told Fox News, adding that the data is on a site run by cybercriminal gang Maze.
These sites have been referred to as "name and shame" websites and have reportedly been hosted at various locations around the world. The objective is to expose sensitive data if the ransomware victim refuses to pay.
The new attack follows in the wake of Hartford, Conn., public schools postponing the first day of classes after it fell victim to a ransomware attack. Fairfax County public schools in Virginia were also recently hit by a Maze ransomware attack.
This past summer, the University of California, San Francisco said it paid $1.14 million to a ransomware group. In that instance, breached files included student applications with social security numbers.
Successful ransomware attacks are on the upswing in recent weeks. At least 12 school districts have been hit this month and data was stolen and published in 5 of those 12 cases, Emsisoft's Callow said. So far this year, over 1,200 individual schools, universities and colleges have been impacted by ransomware, Callow added.
“Schools…maintain highly sensitive and personally identifiable information from Social Security numbers to medical records, credit card and other financial information – all of which attackers are happy to monetize,” Adam Laub, General Manager at Stealthbits Technologies, told Fox News earlier this month.