It’s known as the Medusa ransomware gang.
Though the name is based on a Greek mythological character known for turning those who meet her eyes into stone, cybersecurity experts say that moniker has been applied to hackers because they figuratively turn people’s personal data into stone.
For example, the attackers lock victims’ files until a large sum of ransom money is paid.
According to the information technology [IT] group securityboulevard.com, the Medusa ransomware gang started in June 2021 and has since orchestrated several significant data breaches, with most of its victims being educational institutions.
“Coast to coast, the educational systems include the Glendale Unified School District in California, the Hinsdale School District in New Hampshire and the Campbell County Schools in Kentucky,” according to cybernews.com, a research-based online publication.
This “group” is not alone, as other media sources have attributed the majority of ransomware gangs to people living in Eastern Europe or Russia.
Between 2016 and 2022, for example, more than 1,600 cyberattacks were reported on schools, according to K12 Security Information Exchange, a nonprofit organization aimed at helping institutions prevent such digital assaults.
“And 80 percent of school IT professionals in a recent survey reported that they had been hit by a ransomware attack in the past year,” according to edweek.org, a website covering news on national K-12 education. “School IT professionals were more likely than their counterparts in other industries to report that they had experienced such attacks.”
These situations have forced education officials to view safety beyond the regular school day, creating a new digital front to keep the data of all stakeholders – employees, students and their parents – secure.
Mikhail Gofman, a certified information systems security professional and associate professor at California State University, Fullerton, said school districts are often a target of ransomware attacks because they have limited resources to invest in cybersecurity for data that spans from teachers to students and their parents.
“Oftentimes, security is one of the areas where budgets might either be cut or just might not be sufficiently funded,” Gofman said. “So [hackers] know that public school districts may be sort of at a disadvantage, and they might be the software targets.”
The professor said if schools refuse to pay what hackers demand, which can range from six figures to millions of dollars, hackers can also reach out to the families whose data they possess and promise to withhold the information for a price.
And in some cases, they will publish the data on the dark web, where cybercriminals and identity thieves may take the data, which is what the Medusa gang did with the Glendale Unified School District, according to cybernews.com.
“The school says ‘We’re not going to pay,’ but then they can use that as an intimidation tactic, saying ‘Well, would you like us to publish all the data on your students?’” Gofman said.
Since schools hold vast amounts of sensitive information about minors, such as personal details, grades and home communications, the leaking of such data can lead to legal issues, such as getting sued.
The associate professor said recent trends have shown that ransomware attacks on schools are very frequent and that another could happen, which can end up being dangerous.
“For example, [if the information is] being sold on the dark web, this could impact somebody’s life in all kinds of ways,” Gofman said. “Maybe down the road, somebody [could find] some sort of information about you and then use it for intimidation.”
That was the concern that two teachers from the Fullerton Joint Union High School District [FJUHSD] shared with trustees during the Tuesday, Feb. 6, school board meeting. Their frustration centered on the Tuesday, Nov. 14, ransomware attack that hit the district as well as all schools in it, leaving students and all employees without internet access for two days.
“I have had a cyber security subscription with Lifelock for 10 years and beginning on Nov. 20th, I received the first of 23 alerts that would come to me over the next two months that my information had been compromised,” said Carrie Forsythe, who teaches math at La Habra High School. “The alerts included that my information had been found on the dark web, my passwords old and current were also compromised and attempts were being made to access my credit. In the 12 months before the Cyber Ransomware breach, I received only two minor alerts.”
La Habra social teacher Misty Burt, who spoke earlier, scolded district officials for taking so long to communicate to all involved what happened and who was victimized.
“Let me restate that the information, which was extremely limited, came to us nearly a month after the incident,” Burt said. “This delay conveys a profound disregard for the responsibility the district has to the stakeholders and community to keep their information secure or at the minimum provide us with the information in a timely manner, so that at the very least, individually we could take measures to best protect ourselves.
“This district did neither. Instead, the district acted paternalistically and, in my view, recklessly and continues to do so with its lack of transparency.”
In an interview with The Accolade, Burt said she and Forsythe acted alone and did not contact the teachers union or any other teachers about their public comments to the board.
Despite her stepping forward to do so, the teacher with 25 years in the district said she does not expect any of her peers to follow in her footsteps.
“It has been my experience that there is a general and overwhelming fear among employees of the district that they will be punished if they speak out against the administration,” Burt said.
School board members are not obligated to share opinions from those who speak during the public comments portion of their meeting. District officials have declined to give any more information to The Accolade beyond the superintendent’s Friday, Jan. 12, letter emailed to all stakeholders.
According to an Accolade poll conducted from Tuesday, Jan. 23, to Thursday, Feb. 29, 66% of 106 respondents said they were concerned that the district isn’t explicitly mentioning which students’ data was breached, while 15% aren’t worried; 19% responded that they weren’t aware that a ransomware attack had occurred.
“I think that the district should at least give some closure to us,” sophomore Ruthanne Delos Angelos said. “That way, we won’t be worried about our information floating around.”