Medusa ransomware group has allegedly posted stolen data following a cyberattack on Minneapolis Public Schools. The group earlier demanded a ransom of $1 million, with March 17 as payment deadline.
The leaked information from the Minneapolis Public Schools data breach, as per reports, dates back to 1995 and includes assault complaints, civil rights investigations, payroll and health information, union grievances among other details.
Data leak post (Photo: Brett Callow/ Twitter)
The data leak post by a user going by the name Robert said, “… the only way to change rotten systems is to publicly show that they are extremely unsuitable for further use.”
The post also stated that the board of trustees of the organization, which houses over 100 schools in Minnesota, makes the right decision on the management of the organization.
Cybersecurity researcher Brett Callow tweeted, “..100GB files containing what’s claimed to be the data stolen from Minneapolis Public Schools to a site on the Clearnet.” This website is also linked to the Medusa ransomware group’s Telegram channel.
A password was left on the post to access the stolen data from the Minneapolis Public Schools.
The sequence of events following the alleged Minneapolis Public Schools data breach
The Minneapolis Public Schools posted an advisory on February 24, citing the school system was experiencing a systems outage. It experienced the incident on February 18 that impacted its internet, security cameras, phones, printers, alarms, etc.
A district spokesperson told Sahan Journal, “To date, our investigation has found no evidence that personal information was compromised as a result of this event.” The school called it an ‘encryption event’ that shut its systems for a week following which it was restored.
Minneapolis Public Schools posted another notice on March 17 that confirmed the security incident.
Impact of the Minneapolis Public Schools data beach
A parent-teacher conference was canceled because of the Minneapolis Public Schools data breach.
Students at the elementary school faced difficulty in transitioning to online classes as compared to older classes when the school had to take online classes. Some teachers were not able to access the systems or communicate well online. The principal was also locked out of her email.
On March 1, the school district announced that they have largely restored the backups after the systems were infected by an encryption virus. The notice confirmed a ransomware attack and denied paying a ransom.
On March 7, the school district said that some information was leaked online from the Minneapolis Public Schools data breach. The notice was updated on March 9 and read, “We have taken a stance against these criminals and are restoring our systems without the need to cooperate with them.”
Another update on March 14 stated that the school authorities were aware of spam calls, locked Amazon and Netflix accounts, false invoices, free giveaway scams, etc., that were reported after the exploitation of stolen data.
(Photo: The 74)
On March 17, as soon as the ransom deadline was over, Medusa ransomware group leaked information allegedly from the Minneapolis Public School data breach.