A group of cybercriminals hacked the Vicksburg Warren School District’s servers last month and claimed to have employees’ personal information and internal school documents.

A group that calls itself “Grief” breached the school’s servers through a ransomware attack on May 28.  

“The network of Warren Vicksburg School was screwed and now we have about 10 GB of data from file servers, including internal company documents and personal information,” the group’s website read before it was removed. “According to our rules we are publishing this data step by step in case if this company will keep silence (sic).”

While the district declined to answer whether it paid a ransom to the group to prevent the release or sale of personal information, Brett Callow, a threat analyst at the antivirus company Emisoft, said when the cybercriminals remove the threat from online, “it’s usually an indicator they are in negotiations or have been paid.”

A district spokesperson said Thursday they are “working to determine what information might have been affected.”

A Mississippi Department of Education spokeswoman confirmed the district had contacted the department in recent weeks about the attack. George Co. School District also made the department aware it had been attacked in recent weeks. It’s unclear if the attacks were carried out by the same group. 

Most employees in Vicksburg Warren School District first heard of the breach Friday morning, two weeks after it occurred and after Mississippi Today asked the district why teachers had not been informed their personal information may have been compromised.

“On May 28, we identified suspicious activity on some of our computer systems. We immediately took steps to stop the activity and investigate it further,” a Friday email from Superintendent Chad Shealy to district employees said. “Out of the concern to protect our staff and students, the District engaged an independent cybersecurity expert and law enforcement to help in our investigation. At this time, there’s no evidence that employee sensitive information was accessed or misused.” 

The Vicksburg attack comes after last month’s ransomware attack on the Colonial Pipeline and dozens of other American entities in recent weeks, renewing fears about technology being used to hold the government or entire sectors of the economy hostage.

The phenomenon is not new to Mississippi schools. In October of last year, Yazoo Co. School District was also the victim of a ransomware attack and was made to pay $300,000. 

Superintendent Ken Barron said the district’s insurance provider handled the attack and paid the ransom, and a cybersecurity company negotiated with the hackers. Since then the district has upgraded its firewalls, reconfigured its servers and taken several other measures to ramp up its protection against future threats, but leaders are still unsure exactly how the attackers made it into the school servers.

“It’s a growing concern” among schools in Mississippi, Barron said, noting he knew of another Mississippi superintendent who recently increased his district’s insurance coverage in case of future cyber attacks.

At least four Mississippi school districts or universities have been targeted in ransomware attacks since 2013, according to a database compiled by StateScoop, though others may not have been publicly disclosed. The Oxford School District was targeted in 2016, though officials said they did not pay a ransom. The FBI investigated the Oxford hack.

Callow said attacks in other school districts led to extremely sensitive information being released online.

“An attack in Ohio’s Toledo Public Schools has been especially egregious. Information posted on the hacker’s website in October includes Social Security numbers and dates of birth for students and employees, disciplinary and disability information on students, employee evaluations and exam grades,” Callow said. “It included the identities of an eighth-grader listed as emotionally disturbed, a ninth-grader suspended for sexual activity and a roster of foster children.” 

Callow said while it’s disappointing when schools and other companies pay a ransom to the cybercriminals, it’s not surprising. 

“Unfortunately, it’ll help keep schools in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it,” he said. 

Aside from Vicksburg Warren, “Grief” has also apparently targeted Lancaster Independent School District in Texas, Clover Park School District in Washington and Mobile County in Alabama. The Mobile County attack apparently shut down systems for three days and sparked a federal investigation.

Close window X

Republish this article

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.

Unless otherwise noted, you can republish most of Mississippi Today’s stories for free under a Creative Commons license. For digital publications:

• Look for the "Republish This Story" button underneath each story. To republish online, simply click the button, copy the html code and paste into your Content Management System (CMS).
• Editorial cartoons and photo essays are not included under the Creative Commons license and therefore do not have the "Republish This Story" button option. To learn more about our cartoon syndication services, click here.
• You can’t edit our stories, except to reflect relative changes in time, location and editorial style.
• You can’t sell or syndicate our stories.
• Any web site our stories appear on must include a contact for your organization.
• If you share our stories on social media, please tag us in your posts using @MSTODAYnews on Facebook and @MSTODAYnews on Twitter.

For print publications:

• You have to credit Mississippi Today. We prefer “Author Name, Mississippi Today” in the byline. If you’re not able to add the byline, please include a line at the top of the story that reads: “This story was originally published by Mississippi Today” and include our website, mississippitoday.org.
• You can’t edit our stories, except to reflect relative changes in time, location and editorial style.
• You cannot republish our editorial cartoons, photographs, illustrations or graphics without specific permission (contact our managing editor Kayleigh Skinner for more information). To learn more about our cartoon syndication services, click here.
• Our stories may appear on pages with ads, but not ads specifically sold against our stories.
• You can’t sell or syndicate our stories.
• You can only publish select stories individually — not as a collection.
• Any web site our stories appear on must include a contact for your organization.
• If you share our stories on social media, please tag us in your posts using @MSTODAYnews on Facebook and @MSTODAYnews on Twitter.

If you have any other questions, contact Audience Development Director Lauchlin Fields.

Mississippi school districts targeted by ransomware attacks

by Kate Royals and Will Stribling, Mississippi Today
June 11, 2021

<h1>Mississippi school districts targeted by ransomware attacks</h1> <p class="byline">by Kate Royals and Will Stribling, Mississippi Today <br />June 11, 2021</p> <p>A group of cybercriminals hacked the Vicksburg Warren School District’s servers last month and claimed to have employees’ personal information and internal school documents.</p> <p>A group that calls itself “Grief” breached the school’s servers through a ransomware attack on May 28.&nbsp;&nbsp;</p> <div class="wp-block-image"> <figure class="alignright size-large is-resized"><img src="https://mississippitoday.org/wp-content/uploads/2021/06/VWSD_Redacted.jpg" alt="" class="wp-image-1006661" width="385" height="310" /><figcaption>A screenshot of the post on "Grief" website before it was removed.</figcaption></figure> </div> <p>“The network of Warren Vicksburg School was screwed and now we have about 10 GB of data from file servers, including internal company documents and personal information,” the group’s website read before it was removed. “According to our rules we are publishing this data step by step in case if this company will keep silence (sic).”</p> <p>While the district declined to answer whether it paid a ransom to the group to prevent the release or sale of personal information, Brett Callow, a threat analyst at the antivirus company Emisoft, said when the cybercriminals remove the threat from online, “it’s usually an indicator they are in negotiations or have been paid.”</p> <p>A district spokesperson said Thursday they are “working to determine what information might have been affected.”</p> <p>A Mississippi Department of Education spokeswoman confirmed the district had contacted the department in recent weeks about the attack. George Co. School District also made the department aware it had been attacked in recent weeks. It’s unclear if the attacks were carried out by the same group.&nbsp;</p> <p>Most employees in Vicksburg Warren School District first heard of the breach Friday morning, two weeks after it occurred and after Mississippi Today asked the district why teachers had not been informed their personal information may have been compromised.</p> <p>“On May 28, we identified suspicious activity on some of our computer systems. We immediately took steps to stop the activity and investigate it further,” a Friday email from Superintendent Chad Shealy to district employees said. “Out of the concern to protect our staff and students, the District engaged an independent cybersecurity expert and law enforcement to help in our investigation. At this time, there’s no evidence that employee sensitive information was accessed or misused.”&nbsp;</p> <p>The Vicksburg attack comes after last month’s ransomware attack on the Colonial Pipeline and dozens of other American entities in recent weeks, renewing fears about technology being used to hold the government or entire sectors of the economy hostage.</p> <p>The phenomenon is not new to Mississippi schools. In October of last year, Yazoo Co. School District was also the victim of a ransomware attack and was made to pay $300,000.&nbsp;</p> <p>Superintendent Ken Barron said the district’s insurance provider handled the attack and paid the ransom, and a cybersecurity company negotiated with the hackers. Since then the district has upgraded its firewalls, reconfigured its servers and taken several other measures to ramp up its protection against future threats, but leaders are still unsure exactly how the attackers made it into the school servers.</p> <p>“It’s a growing concern” among schools in Mississippi, Barron said, noting he knew of another Mississippi superintendent who recently increased his district’s insurance coverage in case of future cyber attacks.</p> <p>At least four Mississippi school districts or universities have been targeted in ransomware attacks since 2013, <a href="https://statescoop.com/k12-ransomware-attacks-cybersecurity/" target="_blank" rel="noreferrer noopener">according to a database compiled by StateScoop</a>, though others may not have been publicly disclosed. The Oxford School District was targeted in 2016, though officials said they did not pay a ransom. The FBI investigated the Oxford hack.</p> <p>Callow said attacks in other school districts led to extremely sensitive information being released online.</p> <p>“An attack in Ohio’s Toledo Public Schools has been especially egregious. Information posted on the hacker’s website in October includes Social Security numbers and dates of birth for students and employees, disciplinary and disability information on students, employee evaluations and exam grades,” Callow said. “It included the identities of an eighth-grader listed as emotionally disturbed, a ninth-grader suspended for sexual activity and a roster of foster children.”&nbsp;</p> <p>Callow said while it’s disappointing when schools and other companies pay a ransom to the cybercriminals, it’s not surprising.&nbsp;</p> <p>“Unfortunately, it’ll help keep schools in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it,” he said.&nbsp;</p> <p>Aside from Vicksburg Warren, “Grief” has also apparently targeted Lancaster Independent School District in Texas, Clover Park School District in Washington and Mobile County in Alabama. The Mobile County attack apparently <a href="https://www.wkrg.com/mobile-county/mobile-county-hit-by-cyber-attack/" target="_blank" rel="noreferrer noopener">shut down systems for three days </a>and sparked a federal investigation.</p> <p>This <a target="_blank" href="https://mississippitoday.org/2021/06/11/school-district-ransomware-attack-mississippi/">article</a> first appeared on <a target="_blank" href="https://mississippitoday.org">Mississippi Today</a> and is republished here under a Creative Commons license.<img src="https://i0.wp.com/mississippitoday.org/wp-content/uploads/2021/01/MT_square-thumb.jpg?fit=150%2C150&amp;ssl=1" style="width:1em;height:1em;margin-left:10px;"><img id="republication-tracker-tool-source" src="https://mississippitoday.org/?republication-pixel=true&post=1006663" style="width:1px;height:1px;"></p> Copy to Clipboard

1