>> Eric: MINNEAPOLIS PUBLIC SCHOOLS ARE DEALING WITH A DATA BREACH.
TODAY WAS THE DEADLINE THAT HACKERS SET FOR THE SCHOOL DISTRICT TO PAY A RANSOM OF ONE MILLION DOLLARS, OR ELSE THE CYBER THIEVES WOULD RELEASE PRIVATE DATA ON STUDENTS, TEACHERS AND ADMINISTRATORS TO THE PUBLIC.
THIS MORNING, THE DEADLINE PASSED.
NO RANSOM WAS PAID AND THE DATA WAS RELEASED TO THE DARK WEB.
WITH US TO TALK ABOUT TODAY'S NEWS, IAN COLDWATER IS A CYBER SECURITY EXPERT WHO IS A PARENT OF A STUDENT IN THE MINNEAPOLIS SCHOOLS.
MARK KEIERLEBER JOINS US BY ZOOM.
HE'S BEEN COVERING THIS STORY FOR THE NATIONAL EDUCATION NEWS SITE, "74."
FIRST OF ALL, MARK, WHO WILL HAVE ACCESS TO THIS DATA ON THE DARK WEB?
IS IT GOING TO BE READILY AVAILABLE FOR OTHER -- THAT WILL CAUSE OTHER PROBLEMS FOR PEOPLE OR...
>> THAT'S A REALLY GREAT QUESTION AND THAT'S ACTUALLY PART OF THE MYSTERY, SO THESE RANSOMWARE GANGS, THEY LEVERAGE WHAT'S CALLED A DOUBLE EXTORTION ATTACK, THEY ENCRYPT THE DATA, THREATEN TO, YOU KNOW, RELEASE THAT DATA IF YOU DON'T PAY THE RANSOM AND BECAUSE IT'S ENCRYPTED, YOU CAN'T GENERALLY HAVE ACCESS TO IT.
WITH THIS PARTICULAR ATTACK, IT'S A LITTLE BIT INTERESTING, YOU KNOW, THE TICKER WENT DOWN TO ZERO EARLY THIS MORNING AND THE RANSOMWARE GANG'S DARK WEB LOG SAYS, HEY, THAT DATA HAS NOW BEEN PUBLISHED, CLICK THIS BUTTON HERE TO ACTUALLY ACCESS THE INFORMATION BUT IF YOU CLICK THAT BUTTON, IT DIRECTS YOU TO REACH OUT AND CONTACT THE GROUP RATHER THAN, YOU KNOW, DIRECTING YOU TO A FILE DOWNLOAD.
SO IT DOESN'T APPEAR THAT THE DATA IS ACTUALLY IMMEDIATELY AVAILABLE ON THE DARK WEB.
THOUGH THE GANG HAS BEEN KNOWN TO USE OTHER PLATFORMS, INCLUDING WHAT RESEMBLES A [INDISCERNIBLE] BLOG AND THE ENCRYPTED MESSAGING TELEGRAM TO GIVE THE RECORDS AND IT APPEARS THAT WE'RE GOING TO SEE THOSE RECORDS IN THAT SPOT BUT PERHAPS ON A DELAY.
>> Eric: OKAY.
>> Cathy: IAN, WHO'S AFFECTED BY THIS?
WE'VE HEARD THAT FAMILIES AND STAFFERS AND STUDENTS, BUT IS THIS -- IS THIS GROUP BEEN ALLEGED?
>> SO, WE CAN GET A PRETTY GOOD IDEA OF WHAT KIND OF DATA THEY HAVE FROM THE EXAMPLE DATA SET THAT THE MEDUSA GROUP HAD PUBLISHED.
THEY PUBLISHED SOME SCREENSHOTS INITIALLY BEFORE TODAY AS WELL AS A PURPORTEDLY COMPLETE FILE TREE INVOLVING THE NAMES OF THE FILES THAT THEY SAID THAT THEY HAD.
YOU CAN GET A LOT OF INFORMATION JUST FROM WHAT THEY PUT OUT THERE BECAUSE THOSE FILES ARE VERY DESCRIPTIVELY NAMED WITH PEOPLE'S NAMES IN THEM, FOR EXAMPLE, SO YOU CAN GET AN IDEA OF WHO MIGHT BE AFFECTED AND WHAT KIND OF DATA MIGHT BE IN THERE.
SOME PEOPLE OR CLASSES OF PEOPLE WHO MIGHT BE AFFECTED BY THIS THAT YOU CAN SEE IN THE EXAMPLE DATA SET ARE CURRENT AND FORMER STUDENTS, BECAUSE THIS DATA GOES BACK QUITE SOME TIME.
CURRENT AND FORMER STAFF MEMBERS.
PARENTS WHO HAVE CONTACT INFORMATION CONNECTED TO THEIR STUDENTS.
SCHOOL BUS DRIVERS WHO ACTUALLY HAVE QUITE A BIT OF SENSITIVE INFORMATION IN THERE, AND VENDORS WHO HAVE DONE CONTRACT BUSINESS WITH MPS.
>> Eric: I'M WONDERING, MARK, IF THIS IS SOMETHING THE SCHOOL DISTRICT HAS NOT DONE PROPERLY OR IS THIS JUST THE WAY OF THE MODERN WORLD?
>> YOU KNOW, THAT'S A COMPLICATED ISSUE, AS WELL, RIGHT?
YOU KNOW, CYBER SECURITY EXPERTS CERTAINLY REMIND ME WHENEVER I TALK TO THEM, HEY, YOU KNOW, FEDERAL LAW ENFORCEMENT AGENCIES ARE ALSO, YOU KNOW, VICTIMS OF ATTACKS AND THERE IS NO REAL SENSE THAT -- THERE IS NO WAY TO PREVENT THIS 100% BUT THERE ARE CERTAINLY GOOD QUESTIONS NOW THAT THIS RAISES ABOUT WHAT KIND OF PROCEDURES DOES THE SCHOOL DISTRICT HAVE IN PLACE IN TERMS OF PREVENTING IT AND WHAT IT'S GOING TO DO NOW, MOVING FORWARD?
>> Cathy: THAT'S A GOOD QUESTION, IAN.
AS AN EXPERT, MPS HAS NOT BEEN TERRIBLY TRANSPARENT ABOUT THIS.
ARE THEY WORRIED ABOUT LAWSUITS OR DO THEY JUST NOT UNDERSTAND WHAT WAS HAPPENING INITIALLY?
WHY THE -- WHY THE TIGHT-LIPPEDNESS ABOUT THIS?
>> IT'S NOT 100% CLEAR AND THE DISTRICT CERTAINLY ISN'T TELLING US.
I SUSPECT THAT THERE'S PROBABLY SOME COMBINATION OF THEM BEING CONCERNED ABOUT LIABILITY AND THE COMMUNICATION THAT THE DISTRICT PUT OUT TODAY ENCOURAGED PEOPLE NOT TO SHARE INFORMATION ABOUT THIS BECAUSE IT MIGHT STOKE FEAR AND PANIC.
I PERSONALLY DISAGREE WITH THAT.
I THINK THAT HAVING KNOWLEDGE IS POWER AND PEOPLE ARE MUCH LESS LIKELY TO BE SCARED AND PANIC IF THEY UNDERSTAND WHAT'S GOING ON AND WHAT THEY CAN DO ABOUT IT.
BUT IT'S POSSIBLE THAT THEY MIGHT JUST BE AFRAID OF WHAT PEOPLE MIGHT THINK OR SAY.
>> Cathy: WHY ARE SCHOOLS BEING TARGETED?
WHY WOULD A SCHOOL DISTRICT BE A TARGET-RICH --
>> SO, THESE GROUPS RELATIVELY COMMONLY TARGET, FOR EXAMPLE, SCHOOL DISTRICTS AND HOSPITALS FOR A COUPLE OF DIFFERENT REASONS.
ONE IS SCHOOL DISTRICTS AND HOSPITALS TEND TO HAVE A LOT OF SENSITIVE DATA THAT THEY'RE SITTING ON THAT PEOPLE MIGHT NOT WANT RELEASED, SUCH AS PROTECTED HEALTH INFORMATION AND RECORDS ABOUT MINORS.
ANOTHER IS THAT OFTEN SCHOOL DISTRICTS AND HOSPITALS MIGHT HAVE MORE LAX SECURITY PRACTICES THAN, LIKE, FOR EXAMPLE, LARGE FORTUNE 500 COMPANIES.
>> Eric: MARK, I WONDER IF THIS SPEAKS TO WHETHER SCHOOL DISTRICTS IN GENERAL SHOULD KEEP ALL THIS INFORMATION?
DO THEY GATHER TOO MUCH STUFF?
>> WELL, THE FACT OF THE MATTER IS THAT SCHOOLS ARE INSTRUCTED BY VARIOUS LAWS TO GATHER ALL KINDS OF INFORMATION.
CERTAINLY SCHOOLS IN RECENT YEARS HAVE INCREASED THE AMOUNT OF INFORMATION THAT THEY'VE BEEN GATHERING ON STUDENTS, YOU KNOW, RELATED TO THEIR SOCIAL AND EMOTIONAL WELL-BEING.
YOU KNOW, ESPECIALLY DURING THE PANDEMIC WHEN THERE WERE CONCERNS ABOUT YOUTH MENTAL HEALTH.
THERE ARE ALSO MANDATES THAT COLLECT A LOT OF DATA AND INFORMATION ABOUT, YOU KNOW, ACADEMIC PERFORMANCE TO TRY TO TRACK AND MONITOR, YOU KNOW, SCHOOL PERFORMANCE.
AND THERE ARE LAWS, YOU KNOW, ACROSS THE STATE TO, YOU KNOW, RETAINING THAT DATA SO, REALLY, THE SCHOOL DISTRICTS ARE IN A TOUGH PLACE WHERE THEY ARE REALLY REQUIRED TO KEEP A LOT OF THIS DATA BUT PART OF THE QUESTION HERE IS WHY THAT DATA WAS ON A SERVER THAT WAS TIED TO THE INTERNET.
YOU KNOW, SCHOOLS MIGHT RETAIN DECADES AND DECADES OF STUDENT TRANSCRIPTS BUT THOSE AREN'T FILES THAT ARE REGULARLY ACCESSED, AND SO, YOU KNOW, REASONABLY, YOU KNOW, THEY COULD MAYBE TAKE THOSE OFF-LINE AND STORE THEM IN A SERVER THAT'S NOT READILY AVAILABLE TO THE INTERNET.
>> Cathy: IAN, YOU HAVE A CHILD IN THE MINNEAPOLIS PUBLIC SCHOOLS.
ARE YOU WORRIED ABOUT THE RAMIFICATIONS GOING FORWARDS AND WHAT ARE PARENTS SUPPOSED TO DO ABOUT THIS?
>> WELL, YOU KNOW, FOR MYSELF PERSONALLY AS SOMEBODY WHO WORKS IN THIS INDUSTRY AND KIND OF UNDERSTANDS HOW THIS WORKS, I'M A LITTLE LESS CONCERNED FOR MY OWN WELL-BEING HERE AND MORE CONCERNED ABOUT THE FOLKS WHO MIGHT NOT BE THAT CONNECTED, EITHER TO THIS KIND OF INFORMATION, MIGHT NOT BE AS TECHNOLOGICALLY SAVVY, PERHAPS MIGHT HAVE LESS STABLE HOUSING SITUATIONS OR LESS ACCESS TO TECHNOLOGY AT ALL SO I THINK ONE OF THE REALLY IMPORTANT THINGS TO CONSIDER HERE IS GETTING THIS INFORMATION OUT TO OTHER PARENTS, TO FOLKS WHO MIGHT NOT HAVE ACCESS TO THIS INFORMATION, MAYBE THEY MIGHT HAVE LANGUAGE BARRIERS OR THINGS LIKE THAT.
I WISH THE SCHOOL DISTRICTS WOULD DO IT BUT IT'S REALLY IMPORTANT FOR PEOPLE TO UNDERSTAND WHAT'S HAPPENING HERE, KNOW THAT THEY MIGHT BE AFFECTED BY IT AND KNOW WHAT KIND OF MEASURES AND STEPS THEY CAN TAKE TO PROTECT THEMSELVES AND THEIR KIDS.
>> Cathy: OKAY.
>> Eric: THANKS TO BOTH OF YOU.
VERY GOOD STUFF.