Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. The downtime, caused by a ransomware attack, disrupted operations at over 30 schools and threatened the personal information of countless teachers, students, and administrators.
TheDarkOverlord Solutions also went as far as to make graphic death threats against the children attending the schools, taking advantage of the memory of recent school shootings. The hack resulted from the targeting of the Columbia Falls district server, which contained all sorts of personal data belonging to residents of the school district, including addresses, medical histories, behavioral history, and other information that’s helpful to cybercriminals. Thanks to these events, 30 schools closed and canceled any weekend activities. When class resumed, there was more security in place.
TheDarkOverlord Solutions, true to its name, targets individuals who have particularly lucrative data on the line. In July 2017, the group was responsible for a major information harvest from healthcare providers, which resulted in almost 9.5 million records going up for sale on the black market. These records were reportedly stolen from a clinic, a healthcare provider, and a health insurance provider.
This same group also made its name known by stealing media from Netflix. The popular series Orange Is the New Black was released prior to its actual release date, a thumb of the nose at the audio post-production studio that had provided a ransom of $50,000. It just goes to show that you can never trust a thief!
All signs point toward the Columbia Falls school district not paying the ransom demanded of it. Not giving in to the demands of hackers is the correct choice, as there is no reasonable expectation that the data will be handed back. If the district does decide to pay the ransom, it’s money that’s just going toward funding further ransomware attacks. Plus, a willingness to pay just shows that the tactic actually works.
The best way to stay secure is to protect your organization against all types of threats. To learn more, reach out to CTN at (610) 828-5500.