Many documents purported to have been stolen from Minneapolis Public Schools, and have now been posted online. In the days following the announcement of the breach, a cyber gang claimed that the district did not meet its deadline to pay a ransom demand of $1 million.
It was evident that download links appeared on a website designed to look like a technology news blog in the middle of the night, a front for the attack, on Wednesday morning, and the next day, the links appeared on Telegram, an encrypted instant messaging service widely used by terrorists and far-right extremists.
There is still some doubt about the contents of the large 92-gigabyte file currently being sent to the 74.
There is still a significant difference between the available download and what the Medusa ransomware gang claimed it stole from the district. This is 157 terabytes - 1,000 gigabytes in one terabyte.
Earlier this month, a dark web blog belonging to the criminal group uploaded a file tree detailing the ownership of the files to its website. As the file tree shows on the left, it would appear that a large amount of sensitive information is contained in the records that are visible in the file tree. In addition to these questions, you will be able to obtain information about allegations of sexual violence by students, district finances, student discipline, special education, civil rights investigations, and notification of student maltreatment and sexual offenders, as well as information regarding district finances, student discipline, special education, and civil rights investigations.
Even though the full scale of the breach is not known yet, cybersecurity experts say present and former Minneapolis residents and district employees should take steps to protect themselves as soon as possible.
According to Doug Levin, the national director of the K-12 Security Information Exchange and an expert in K-12 cybersecurity incidents, now is a good time to implement two-factor authentication to accounts that can benefit from it as well as avoid reusing passwords across multiple services.
However, experts said that there are no easy solutions for those who are now at risk of having sensitive personal information accessible to them, including personal information about incidents of student sexual misconduct. Levin is one of the most prominent mental health professionals in the country. He says that if you are the victim of harassment, you should strongly consider seeking mental health counseling or creating an action plan.
As Levin explained, when a genie has been allowed out of its bottle, it is extremely difficult to re-inject it. As he continued, he stated that the school district had no idea what it could do to comfort these individuals or even to provide them with any recourse. Credit monitoring is not helpful. They would like their well-being and reputation to be protected.
There have been several complaints about the Minnesota district's public communications about a ransomware attack, which it initially referred to as an "encryption event." This past Friday, the Minneapolis district announced that the ransomware group had released the stolen records on the dark web, a part of the internet accessible only with special software that can leave the user untraceable.
In a Telegram message, the user identified himself as an 18-year-old Minneapolis high school student who was interested in downloading the data, because they were concerned it might contain sensitive information such as their Social Security number or other personal information, The 74 reported.
The district has urged the community, as a part of its checklist of safety precautions, that downloads of the breached data should be avoided as much as possible. The paper argues that doing so could contribute to the work of cybercriminals because it would increase our community's fear of the information and increase the level of panic that they would cause.
Additionally, the district has issued warnings to its residents urging them not to respond to suspicious emails or phone calls because they may be phishing scams. It has also urged them to change their passwords periodically. A statement from the district stated that the district was working to determine which records had been compromised on Friday. As a result of the ongoing process that is expected to take some time, the company planned to inform affected individuals when it was complete.
Callow believed ransomware victims should take a proactive approach to notify those whose data was stolen in the first place. The investigation will be completed at the end of the investigation rather than waiting until it is completed.
