A cybercriminal has published the personal data of students, after a school district refused to give in to blackmail attempts made via a ransomware attack.

The large-scale breach resulted in the release of private information belonging to thousands of individuals, after the frustrated attacker followed through on threats of what would happen if the Nevada school district did not comply with demands.

Refusing to pay a ransom

A recent report published by the Associated Press outlined that Nevada’s Clark County School District had made a statement that its systems had been struck by a malware infection that effectively locked users out of data files. Although student information was not mentioned in the notification, it was believed that personal information held on staff was exposed in the attack, including social security numbers and the names associated with them.

The school district enlisted the advice and assistance of cyber forensic specialists and law enforcement agencies, but these measures did not prove effective in stopping a data leak. The hacker holding the district’s data files hostage threatened to release the Personally Identifiable Information (PII) if the ransom was not paid. When the district refused to pay, the cybercriminal published the student data on a public forum. The confidential data released was said to contain financial details, names and addresses, and social security numbers.

A statement posted by the school district commented:

“CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals.”

Unlawful seizing of information

A kind of crypto-malware, ransomware has proved a popular tool of hackers looking to extort funds from both individuals and enterprises, leading to devastating consequences.

Once deployed and executed on a system open to attack, the ransomware payload works to encrypt sensitive and important files and block user access to core networks and systems. After these actions, a ransom note will be displayed on a landing page insisting on payment in return for the dedicated decryption key. Payment is usually demanded in cryptocurrencies such as Monero or Bitcoin, which can be tricky for law enforcement agents to trace. Even if victims decide to pay up, they have no guarantee that the decryption key will actually work.

A wide range of sectors have been hit by ransomware groups that use the fear of service disruption and exposure of confidential data to leverage a ransom payment. While it is a practice frowned upon by cybersecurity experts and government agencies both in the US and here in the UK, paying out ransoms is often accepted as a new kind of cost for companies conducting business.

While statistics estimate that around half of institutions and organisations attacked with ransomware will concede to demands and pay, many others will still refuse point-blank to give in, regardless of threats and the ultimate consequences.