The Minneapolis Public Schools (MPS) has been added to the darknet website used by the Medusa ransomware gang to identify and extort victims.
Now, the MPS district is being asked for a $1 million ransom by the gang in order to erase data that was allegedly stolen during a ransomware attack.
The Ransomware Gang Is Different From MedusaLocker Ransomware
Every year, MPS enrolls more than 35,000 students and operates about 100 schools throughout Minneapolis, making it vulnerable to such cyberattacks.
According to Cyber News, in February, after the organization's computer systems went down, MPS confirmed the cyberattack.
Due to the language MPS chose to characterize the ransomware attack-which it euphemistically referred to as a "encryption event"-the attack attracted attention on social media.
On its Tor data leak website yesterday, Medusa cited MPS as a victim and threatened to reveal all the information it claimed to have stolen from the public school system by March 17.
The hackers accept an equal sum in exchange for giving potential buyers access to the data, but they want payment of $1 million to erase all data.
Moreover, they provide 1-day data publication deadline extensions for $50,000, as per a report by Bleeping Computer.
Because the gang produced a video displaying all the information allegedly taken from the MPS district, this extortion effort stands out.
Emsisoft's threat analyst Brett Callow tweeted that he had never seen this approach used publicly and that the movie was about 51 minutes long when it was initially discovered.
Unlike the traditional practice of uploading screenshots on Tor sites, this fairly novel and audacious manner of demonstrating access to the victim's computers has the potential to reach a big audience.
The Medusa ransomware is thought to function in a ransomware-as-a-service model, where cyberhackers with limited technical expertise use software created by experienced hackers.
Read More: US Marshals Service Suffers Ransomware Attack, Sensitive Law Enforcement Data Compromised
The MPS Will Not Be Paying For Any Ransom Demand
The educational institution declared it had no intention of paying the gang's demanded ransom and instead chose to use internal backups to recover the data that had been encrypted.
According to MPS, there is currently no proof of unauthorized access, ruling out the potential of data theft.
"MPS has not paid a ransom and the investigation has not found any evidence that any data accessed has been used to commit fraud," reads the MPS systems outage notice.
The MPS says that the impacted individuals will be notified right away if the current investigation shows that personal information has been compromised, Bleeping Computer notes.
Given that a full week has gone since this declaration and that Medusa has now made good on its threat to divulge private information, MPS may soon give an update on potentially stolen data.
Subsequently, the public organization informed its pupils and more than 4,500 teachers and staff of the increased danger of phishing attacks and fraud attempts against them as a result of this breach.
Related Article: Dish Network Confirms Ransomware Attack Affecting Internal Systems Outage
