Beginning on September 13th, the hacker group known as TheDarkOverLord Solutions, the same hackers that breached Netflix’s servers, breached a Montana school district’s server and stole personal information including addresses and medical records. The hackers made contact with school officials and families, making violent physical threats late on Wednesday the 13th and the following Thursday. Schools across the area were closed down and extracurricular activities were cancelled the 14th-19th due to the threats, affecting over 15,000 students. On Monday night, the sheriff’s department released a 7-page ransom letter that was sent to the school board demanding a bitcoin payment to stop the threats and prevent the release of the stolen information. Law enforcement, including the FBI and other agencies, is working diligently to identify the whereabouts of the hackers and has encouraged recipients not to make contact with the hackers or pay the ransom.
While there is no imminent threat of real physical harm due to the believed overseas nature of the hacking group, what is most concerning is how easily the hackers were able to access the district’s servers: they shut down an entire community for multiple days and stole stockpiles of information on staff as well as past and current students.
The district has decided to not pay the ransom, so there is the potential for identity theft to occur if the hackers decide to release or sell the stolen personal information on the dark web. Details of how exactly the breach occurred have yet to be released; however, it is most likely to be a part of a mass malware distribution that discovered a vulnerability in the small Montanan community and is now affecting the lives of hundreds who had their information stolen.
Educational institutions must be prepared for cyber attacks. Cyber criminals are increasingly sophisticated and are non-discriminatory in their target selection as long as they believe they can make a profit. To prepare for, and mitigate, the effects of cyber attacks, educational institutions must create a cybersecurity culture and focus on securing information, not perimeters.
Creating a Cybersecurity Culture
Cyber criminals seek out the easiest targets–those that lack cybersecurity awareness and have vulnerabilities such as an unprotected password. Therefore, many organizations can prevent cyber attacks through use of good cyber hygiene and the implementation of cybersecurity awareness.
Cyber hygiene is the practice of maintaining online safety. In organizations, some steps to follow are:
- Ensure the network is private and protected
- Use strong unique passwords and update them appropriately
- Have employees utilize the organization’s email platform, not personal emails
- Use two-factor authentication whenever possible