Conti Gang Demands $40M Ransom from Florida School District

New details of negotiation between attackers and officials from Broward County Public Schools emerge after a ransomware attack early last month.

The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable.

The incident, which was discovered on March 7 at Broward County Public Schools, drew limited attention at the time of the attack. However, new details have emerged on DataBreaches.net, which recently posted a screenshot of a chat between attackers and a school district official about the sum of money attackers demanded. That has shed new light on the incident, given the exorbitant nature of the ransom demands.

During the conversation, attackers — who claim to be from the “ContiLocker Team” — informed the official that they had not only encrypted files, but also had downloaded “more than 1 terabyte of personal data, including financial, contracts, database and other documents” containing Social Security numbers and other personal information about teachers and students.

To decrypt the files and prevent attackers from publishing the info online, the group demanded a ransom of $40 million. They told the official that their research revealed that the school district had revenues of $4 billion, justifying their demand.

Unsurprisingly, the Broward County official responded with confusion and shock. “You cannot possibly think we have anything close to this!” the official said, according to the screenshot.

To be fair, Broward County Public Schools, with 271,000 students, is the nation’s sixth-largest school district and does have an annual budget of about $4 billion. However, the ransom demand still shows that “this particular threat actor group is woefully underinformed,” said one security expert.

Even with that kind of revenue, a public school district still would not have the kind of capital on hand to pay so much money to hackers, Chloé Messdaghi, founder of global ethical hacker community WeAreHackerz, said in an email to Threatpost.

“U.S. school districts may appear to some to have large budgets, but almost all of those budgets are committed to ongoing expenses that are deeply and contractually committed,” she explained. “There’s little to no discretionary budget, and even core resources are underfunded.”

Indeed, though ransomware groups often ask for ransoms in the millions, the amount demanded from the school district is extremely high, even for the Conti Gang. In November, for instance, the group attacked chip manufacturer Advantech, demanding the bitcoin equivalent of $14 million from the company, which reported more than $51 billion in revenue for the fiscal year 2020.

The unrealistic demand also demonstrates that the threat actors behind Conti Gang are clearly not from the United States, or they would probably know how the finances of public school systems work, Messdaghi said.

Asking for such a large sum from the district also shows “the worst of criminal intent — especially at a time when schools are struggling to sustain education in the midst of the pandemic, while taking on the added missions of reaching those kids suffering from food insecurity and unsafe home lives,” she said.

Upon discovering the “service disruption, which impacted the availability of certain systems” on March 7, Broward County Public Schools immediately began to investigate with the help of a cybersecurity firm, according to a post on its website.

Officials have said that they have no intention of paying such a large ransom, though they did offer to pay $500,000 to attackers, according to a published report. After this offer, the Conti Gang ended negotiations, according to the report.

At the time of the attack, officials also said that they were not aware of any student or employee personal data that was compromised in the incident, but would make the necessary disclosures if this turned out to be the case.

The school district is continuing to determine the scope of the incident as well as to restore its systems to complete functionality while law enforcement investigates the attack. Broward County Public Schools could not be reached immediately for comment Tuesday on the current state of the incident.

Educational institutions are among the public entities that have fallen victim to an epidemic of attacks by ransomware gangs in the last year. Last September, a ransomware attack on California’s Newhall School District in Valencia affected all distance learning across 10 different grade schools. That same month, the Clark County School District, which includes Las Vegas, was crippled by a ransomware attack by the Maze gang; data stolen from that attack turned up on an underground forum later that month.

Meanwhile, last summer alone, four different universities fell victim to the NetWalker ransomware gang, according to tallies from Avira: The University of Utah (which paid almost half a million dollars); Columbia College in Chicago (ransom status unknown); Michigan State University (no ransom paid); and the University of California San Francisco (which paid $1.14 million).
