Ransomware group claims massive data leak but Minneapolis schools files’ whereabouts a mystery

/in


This story comes from The 74, a nonprofit news organization that covers education in America.

A cyber gang claims it published what could be a startling amount of stolen Minneapolis Public Schools records to the internet after the district failed to meet a $1 million extortion demand, but where the actual files are now remains something of a mystery.

Early Friday morning, after the Medusa gang’s countdown clock on the ransom deadline struck zero, the files weren’t readily available for download on its dark web leak site. Instead, a “Download data now!” button directs users to contact the ransomware gang through an encrypted instant-messaging protocol. Attempts by The 74 to reach the gang have been unsuccessful.

Files from previous Medusa victims are available on a website designed to resemble a technology news blog — a front of sorts. Unlike the Medusa blog, this site is not relegated to the dark web and does not require special tools to access. Download links are also posted in a channel on Telegram, the encrypted social media service that’s been used by terror groups and far-right extremists. Yet as of Friday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform. 

Data breaches from previous victims appear to be uploaded to the faux technology news blog about a month after their ransom expires, suggesting that the Minneapolis files could become available online after a brief lag. 

Article continues after advertisement

Still, in a statement on Friday, the district said it “is aware that the threat actor has released certain MPS data on the dark web today.” 

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” the district continued. “This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.” 

Early indications suggest the files contain…

Source…