Hackers are now breaking into schools which typically have lax security relative to corporations and once in, they access student information and use it to threaten death to students. Mentioning Sandy Hook – a horrific school shooting in Connecticut, a hacker group named Dark Overlord looks for up to $150,000 in bitcoin to destroy personal information which was stolen.

In a Facebook post, 

Sheriff Chuck Curry of Flathead County Sheriff’s Office in Montana shared the following information:

For Immediate Release – Update on Cyber Terrorism Case – Monday

As the joint investigation into the cyber terrorism case has progressed, further information has come to light. On Monday a ransom letter stating the demands of the cyber “hackers” was received via email by members of the Columbia Falls school district.

I have been keeping some information confidential in an attempt to not hamper our investigation, and know that “Trust Me” is beginning to wear thin. As a matter of course, ransom demand letters are generally never released to the public due to obvious investigative reasons. We understand that our valley has been terrorized due to the extremely emotionally charged, seemingly real, physical threats to the students of our area schools. We have made the unusual decision to release the ransom demand letter. We feel this is important to allow our community to understand that the threats were not real, and were simply a tactic used by the cyber extortionists to facilitate their demand for money.

All student information and identifying information has been redacted, and the redactions are noted in the released document. Other than the redacted information, the letter is verbatim, as received from the extortionists. The letter is attached to this release.

The group who have identified themselves in this letter have been identified, and are the subject of active investigations elsewhere in our country. They are located outside of the United States. We have also discovered that they have frequently failed to live up to their promises to not release the stolen data in the past, even when their ransom demands have been met. 
We fully understand the concern and fear that has resulted from this cyber-attack, and want the community to know that all the valley law enforcement agency heads feel there is no threat to the physical safety of our children.

As previously stated, the safety of our children has always, throughout this investigation, remained our paramount concern. We will continue to work around the clock to bring those responsible to justice, and remain fully committed to this investigation, even though we now know the physical threat to our children does not exist.

According to CNN:

The same hackers also targeted the Johnson Community School District in Iowa earlier this month, and the district canceled all classes on October 3. According to local media reports, the hackers also sent threatening text messages to children and their parents.

The hacking group previously attempted to extort Netflix after hacking its production studio, Larson Studios. The group released episodes of Orange is the New Black online last spring.

It’s unclear why the Dark Overlord began targeting schools but someone from the hacking group told the Daily Beast they are “escalating the intensity of our strategy in response to the FBI’s persistence in persuading clients away from us.”

The Department of Education believes hackers are targeting schools with weaker security leading schools to wonder what is the best way to protect themselves from such incidents. Here are some ideas to create a cybersecurity culture for education, business and government agencies alike:

1.    Cybersecurity training must be done regularly.

2.    Auditing and documentation must be performed regularly to ensure systems are secure.

3.    Anomaly detection should be running constantly to detect threats as they emerge.

4.    Penetration testing shows if systems can easily be reached from the outside. Here is a case where this test might have saved two company’s’ reputations from being destroyed.

5.    Network forensics for when a breach eventually occurs. The bad guys always seem to get in eventually.

6.    An action plan to follow when a breach does occur. Once it happens, few will have the clear heads needed to “wing it” correctly. Equifax botched it’s response in what is being called a PR catastrophe.

To ensure your organization is safe – even if you have internal IT, hire an experienced MSP or MSSP.