Why schools and students are lucrative ransomware targets
The Los Angeles Unified School District is the second largest school system in the country — over 600,000 students across more than 1,000 schools.
Back in September, hackers locked up the district’s computer networks and demanded a ransom, which the district’s superintendent, Alberto Carvalho, said was a nonstarter.
“We never entertained any negotiations nor did we actively directly or indirectly engage in negotiations,” he said.
When the school district refused to engage, the group behind the cyberattack — a ransomware gang called Vice Society — responded by releasing 500 gigabytes of school files: addresses, attendance records, Social Security numbers.
It was one of a roster of Vice Society cyberattacks against schools that has raised the attention of authorities around the world, including the United States.
Jon DiMaggio, who tracks Vice Society and other ransomware groups for cybersecurity firm Analyst1, said this behavior — leaking sensitive data after failing to secure a ransom payment — is typical of the way Vice Society operates.
“I wouldn’t call it an online tantrum, but they certainly had a really bad attitude about it,” DiMaggio said.
He knows a few things about them. For one, “they’re Russian,” he said.
Top-shelf ransomware gangs, DiMaggio said, write clever code or use some never-before-seen technique to crack into a system. But Vice Society is more basic than that.
“They don’t even make their own ransomware,” he said. “They are definitely poseurs.”
Schools are in the crosshairs largely because hacking them is easy, according to Mike Hamilton, a founder of a cybersecurity company called Critical Insight. He helps a lot of schools secure their networks.
“They’re low-hanging fruit,” he said.
Identity thieves are partial to students’ data because, among other things, young people have no credit history, so stealing their personal information and using it to open up a new credit card is easier to do.
That’s why their personal information is more valuable, Hamilton said. “They’ve been targeted as a source of revenue for these gangs.”
The FBI and the Cybersecurity and Infrastructure Security Agency recently released an advisory specifically warning about groups like Vice Society.
But DiMaggio from Analyst1 said that’s not enough, because cybersecurity companies like his aren’t allowed to strike back against these ransomware groups.
“We can’t go hack their infrastructure,” DiMaggio said. “We certainly can’t empty their wallets.”
So, DiMaggio said, it’s harder to hit these ransomware groups where it hurts.
There’s a lot happening in the world. Through it all, Marketplace is here for you.
You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible.
Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.