FBI foils ransomware network that targeted school districts

Dive Brief:

  • The FBI has thwarted international ransomware network Hive, providing recent and previous victims with decryption keys they could use to avoid paying $130 million in ransom demands, the U.S. Justice Department announced Thursday. Hive targeted over 1,500 victims in more than 80 countries by attacking school districts, hospitals, financial firms and critical infrastructure — and received over $100 million in ransom payments since 2021.
  • In coordination with law enforcement agencies in Germany and the Netherlands, the Justice Department has taken control of Hive’s websites and servers used for communicating with the group’s members, the agency said.
  • Hive used a ransomware-as-a-service (RaaS) model, in which members identified victims and used an already developed ransomware strain to attack their targets. In return, the member who deployed the attack earned a percentage of the ransom payment.

Dive Insight:

While it is unclear how many school districts have been specifically targeted by Hive, schools have fallen victim to ransomware attacks in recent years, often because they lack the resources and funding to combat cyberthreats.

Several major districts have made headlines following ransomware attacks in recent years, and yet not every incident impacting K-12 schools is made public. 

In one of the more notable recent incidents, the Los Angeles Unified School District — the nation’s second-largest school system — announced in September it had been hit with a major ransomware attack. Last week, the district shifted the timeline of the attack, saying it happened earlier than previously reported but remained undetected for a month. 

A different hacker group, Vice Society, has claimed responsibility for the LAUSD attack, in which about 500 gigabytes of data were stolen and 250,000 district files were posted on the dark web after the district refused to pay a ransom. Some of the leaked information included sensitive data such as Social Security numbers and contracts.

In December, the Little Rock School District in Arkansas agreed to pay a $250,000 settlement to end a ransomware incident, despite federal authorities strongly discouraging such payments to threat actors.

Federal help is increasing as the K-12 sector struggles to keep up with cybersecurity threats. 

Earlier this week, the Cybersecurity and Infrastructure Security Agency released guidance outlining recommendations on how districts can strengthen their cyberdefenses, such as implementing multifactor authentication and running a strong cybersecurity training program. Most important, the agency emphasized that these necessary changes must not fall squarely on a district’s IT staff alone — district leaders need to give their full support, too.

This article originally appeared on www.k12dive.com.
