The U.S. Department of Education issued a belated warning to the nation's school districts concerning cyberattacks that use threats of violence against students in an attempt to extort money from the district.
The notice stated the hackers are targeting districts with weak cybersecurity practices or those with known vulnerabilities in their systems and then use either malware or phishing attacks to exploit these issues. The Department of Education said the attacks so far have only targeted K-12 schools, but institutions of higher learning should also be on guard.
During the last two months the cyber gang The Dark Overlord has claimed responsibility for at least three such attacks against the Johnston County (Iowa) School District and Splendora (Texas) School District. The group was also responsible for a similar attack against the Columbia Falls (Montana) School District. In each case the group released some student and parent information to prove that it had gained access to the districts' networks and then threatened to release the information publicly. Using violence was also mentioned in the ransom note.
If a district is victimized it is recommended they contact local police and then inform the Department of Education at privacyTA@ed.gov.