A group of cybercriminals hacked the Vicksburg Warren School District’s servers last month and claimed to have employees’ personal information and internal school documents.
A group that calls itself “Grief” breached the school’s servers through a ransomware attack on May 28.
“The network of Warren Vicksburg School was screwed and now we have about 10 GB of data from file servers, including internal company documents and personal information,” the group’s website read before it was removed. “According to our rules we are publishing this data step by step in case if this company will keep silence (sic).”
While the district declined to answer whether it paid a ransom to the group to prevent the release or sale of personal information, Brett Callow, a threat analyst at the antivirus company Emisoft, said when the cybercriminals remove the threat from online, “it’s usually an indicator they are in negotiations or have been paid.”
A district spokesperson said Thursday they are “working to determine what information might have been affected.”
A Mississippi Department of Education spokeswoman confirmed the district had contacted the department in recent weeks about the attack. George Co. School District also made the department aware it had been attacked in recent weeks. It’s unclear if the attacks were carried out by the same group.
Most employees in Vicksburg Warren School District first heard of the breach Friday morning, two weeks after it occurred and after Mississippi Today asked the district why teachers had not been informed their personal information may have been compromised.
“On May 28, we identified suspicious activity on some of our computer systems. We immediately took steps to stop the activity and investigate it further,” a Friday email from Superintendent Chad Shealy to district employees said. “Out of the concern to protect our staff and students, the District engaged an independent cybersecurity expert and law enforcement to help in our investigation. At this time, there’s no evidence that employee sensitive information was accessed or misused.”
The Vicksburg attack comes after last month’s ransomware attack on the Colonial Pipeline and dozens of other American entities in recent weeks, renewing fears about technology being used to hold the government or entire sectors of the economy hostage.
The phenomenon is not new to Mississippi schools. In October of last year, Yazoo Co. School District was also the victim of a ransomware attack and was made to pay $300,000.
Superintendent Ken Barron said the district’s insurance provider handled the attack and paid the ransom, and a cybersecurity company negotiated with the hackers. Since then the district has upgraded its firewalls, reconfigured its servers and taken several other measures to ramp up its protection against future threats, but leaders are still unsure exactly how the attackers made it into the school servers.
“It’s a growing concern” among schools in Mississippi, Barron said, noting he knew of another Mississippi superintendent who recently increased his district’s insurance coverage in case of future cyber attacks.
At least four Mississippi school districts or universities have been targeted in ransomware attacks since 2013, according to a database compiled by StateScoop, though others may not have been publicly disclosed. The Oxford School District was targeted in 2016, though officials said they did not pay a ransom. The FBI investigated the Oxford hack.
Callow said attacks in other school districts led to extremely sensitive information being released online.
“An attack in Ohio’s Toledo Public Schools has been especially egregious. Information posted on the hacker’s website in October includes Social Security numbers and dates of birth for students and employees, disciplinary and disability information on students, employee evaluations and exam grades,” Callow said. “It included the identities of an eighth-grader listed as emotionally disturbed, a ninth-grader suspended for sexual activity and a roster of foster children.”
Callow said while it’s disappointing when schools and other companies pay a ransom to the cybercriminals, it’s not surprising.
“Unfortunately, it’ll help keep schools in the crosshairs. If a sector proves to be profitable, they’ll keep on hitting it,” he said.
Aside from Vicksburg Warren, “Grief” has also apparently targeted Lancaster Independent School District in Texas, Clover Park School District in Washington and Mobile County in Alabama. The Mobile County attack apparently shut down systems for three days and sparked a federal investigation.