Broward County Schools Ransomware Attack

Atlantic.Net is providing this security advisory as a news item; we want to reassure our customers that Atlantic.Net does not use any of these products affected by this exploit internally or in any of our service offerings.

Local news reported that Florida-based Broward County Public Schools are in the midst of a serious cybersecurity incident. Experts believe a cybersecurity attack took place against Broward IT Systems in early March. Broward County is home to approximately 240 public schools, ranging from elementary to high schools, and some 260,000 students attend schools in this Florida district.

Reports suggest that the schools’ computer systems have been targeted by a ransomware attack. Most shockingly, the cybercriminals are demanding a payment of $40 million or they will release “personal information” about students and staff. So far, Broward County Schools have remained tight-lipped, neither confirming nor denying the cybersecurity threat.

What do we know about the Broward County Schools breach?

The Hackers claim to have stolen 1.5TB of data from the Broward County Schools backend IT systems. In a transcript of phone messages published online, the hackers claim that “personal data, including financial, contracts, databases and other documents containing (Social Security numbers) addresses (dates of birth) and other information about students and teachers” had been stolen.

Many students are still having to learn remotely due to the Covid-19 pandemic, and these students and parents reported issues with some of Broward County IT Systems on the 9th of March 2021. Students were unable to access the primary learning platform known as Canvas. Other applications were reported offline including Pinnacle (a grading and attendance tool), and access to some of the school databases was cut.

The South Florida Sun-Sentinel started to receive information from parents and teachers that “Pinnacle was scheduled to be back online at noon Wednesday [10th March]. A program called Virtual Counselor would be back up at noon Saturday [13th March] and one called BASIS, which hosts a variety of student data, would be up at 10 a.m. Monday [15th March].” This information seems to add credibility that the ransomware attack was genuine.

The hackers are believed to be the group known as Conti. Not much is known about Conti, but they are thought to be based in Russia, and there is online chatter that the group is a successor to Ryuk.  They do have a reputation; British retailer FatFace paid Conti £2 million in March 2021, so there is a good chance that they are expecting Broward County Schools to pay the ransom.

According to a leaked Scribd conversation allegedly between Conti and Broward County, an offer of $500,000 was made to the hackers. We don’t know if this was accepted or what has happened, there has been radio silence from the Conti dark web leak site that published the information. Maybe they have been paid? We simply do not know!

What are the likely causes of the breach?

We can only speculate at the moment because the schools have not released anything directly, but we expect this breach to be caused by a lack of training. Either a member of staff or a student with access to the internal systems clicked on a phishing email, a malicious URL link, or a TrickBot website, or they downloaded a compromised attachment embedded with malware.

Broward Schools manage and support their own private IT network, and it is believed to be operated in-house and managed at their head office. It’s possible a system was secured with a weak, guessable password. It is also likely that they were targeted simply because they are a school,  as public schools have strict, limited budgets and cybersecurity may not always be the number one priority.

Schools are data-rich environments; they hold sensitive data on students who are approaching adulthood and will soon be applying for bank accounts, credit cards, and student loans. The data is valuable as it could potentially be used for fraud.

Broward Schools may have been targeted because of the enforced remote working for students and teachers, In December 2020, the Cybersecurity and Infrastructure Security Agency, a federal agency, said cybercriminals like Conti have been aiming their sights more on schools due to the transition to remote learning during the COVID-19 pandemic.

What happens next?

With Broward County Schools being tight-lipped, it is very much a case of “wait and see what happens.” Have they paid the ransom? Have they even been hacked? Truthfully no one knows yet, and while some suggestive evidence has been released, there is no way of validating if it’s genuine.

If your business is concerned about cybersecurity. please feel welcome to reach out to Atlantic.Net. We are specialists in Managed Services, Cloud Hosting, and HIPAA compliance. Security of our infrastructure is of paramount importance, and we work hard to ensure we have the best security processes in place.

There is no doubt that this cyberattack is a very sensitive incident. Targeting schools is very demoralizing, and we feel concerned for any of our friends in the state of Florida that might be affected by this. Atlantic.Net has a full suite of Managed Security Services to help be proactive and prepare in advance for any security issues. Get in touch today.