The healthcare industry has been extensively targeted, and now Dark Overlord cyberattacks on schools have soared: the education sector is the latest target.
The cyberattacks on healthcare institutions included threats to publish data. Those threats were often ignored, resulting in sensitive data being dumped online. While such data dumps are damaging to healthcare organizations and their patients, many attacked institutions followed the advice of the FBI and chose not to give in to the mafia-style extortion tactics.
The recent Dark Overlord cyberattacks on schools have been different. Educational institutions have not only been hacked and had sensitive data stolen; the hacking group has also escalated its threats. Rather than just sending threats to the schools, the group has also contacted parents of some of the children whose data were stolen by text. The aim is clear: to put pressure on schools to pay up.
The latest wave of Dark Overlord cyberattacks on schools has been spread across the country. Schools in Alabama, Iowa, Montana, and Texas have all been attacked in recent weeks. The attacks have followed a similar pattern to the attacks on healthcare organizations, Gorilla Glue, and Netflix. Sensitive data have been stolen, a payment was demanded, and a threat issued to publish the data online if the payment was not made.
Payment of a ransom does not guarantee data will not be released. The latest episode of Orange is the New Black was stolen and Netflix was threatened. A $50,000 ransom was paid, but the episode was still released. It was claimed this was for contacting the FBI.
The latest attacks have become more personal. In the Dark Overlord cyberattacks on schools, parents have been sent personalized text messages threatening violence against their children. One of those messages included the address of the family with the message “your child is still so innocent. Don’t have anyone look outside.” The Des Moines Register reported that one parent responded by telling the sender to stop and was told, “we are just getting started.” Other text messages threatened to kill kids at the school, resulting in the school closing for a day as a precaution.
In the case of the cyberattack on Johnston Community School District in Iowa, data was dumped online. TDO allegedly said the data would help child predators.
The attack on Montana’s Columbia Falls School District was accompanied by a 7-page letter, in which Sandy Hook was referenced. Threats were issued about publishing grades, sensitive behavioral reports, details of ‘shoddy student work’, nurse reports, and private health information. While various methods of payment were offered, a ransom payment of $150,000 was demanded in Bitcoin. In exchange, TDO said all stolen data would be deleted.
Similar attacks have occurred at Alabama’s Crenshaw County Schools District and Splendora School District in Texas. The escalation in the threats was reportedly in response to the FBI telling breach victims not to respond to the messages and not to pay the ransom demands.
While these Dark Overlord cyberattacks on schools follow a similar pattern to other attacks, there are notable differences, raising the prospect that some of the attacks were performed by other hackers piggybacking on the name.
Regardless of who is conducting the attacks, the message to schools – and all other organizations – is clear. Make sure your networks are well defended. Implement layered cybersecurity defenses, patch promptly, and consider using encryption for all stored data.