The ransomware gang responsible for Knox College’s data breach is now directly contacting and intimidating students.
Here’s a new twist to ransomware: a hacker group that gained access to Knox College’s student data is emailing students directly with their ransom demands.
The group, known as the Hive, is believed to be responsible for the attack on the small liberal arts college’s computer network, reports NBC News. The hackers sent an email out to students on the evening of December 12.
The message claims the hackers have student personal data, including their Social Security numbers, medical records, psychological assessments, and other sensitive information. The group said it would put the stolen information up for sale online.
“To us, this is a normal business day,” the email said in broken English, which is common for internationally based ransomware gangs. “For you, its a sad day where everyone will see your personal and private info,” the email continued, reports NBC News.
What happened at Knox College appears to be the first known case in which ransomware hackers contacted students directly to intimidate them.
According to a cybersecurity expert interviewed by NBC News, hackers are resorting to this tactic because more and more victims are refusing to pay ransoms.
The school originally announced it had experienced a ransomware attack on December 2, reports WGIL.
“We took prompt action to secure our network environment,” said the school’s Vice President of Communications and ITS Lisa Van Riper in a statement. “Systems and operations have been shut down to protect data and information, and we have engaged leading independent cybersecurity and digital forensics experts to assist with our investigation and response. We are working actively and diligently with the assistance of our retained experts to fully restore operations.”
It’s unclear if Knox College is trying to negotiate with the Hive. Authorities strongly recommend victims not pay ransoms because paying doesn’t guarantee that you’ll get data back and it encourages more ransomware activities.
However, there is the risk that data will be released. That’s what happened this fall when the Los Angeles Unified School District didn’t pay the ransom demanded by Vice Society, another ransomware gang.
Back in the fall of 2020, the Social Security numbers, grades, addresses, retirement documents and other personal information of Clark County School District (CCSD) students and employees were released to the public by hackers after district officials wouldn’t pay the ransom cyber criminals were seeking.