Ransomware actor tries to pressure Allen ISD by emailing parents
Benjamin Freed reports:
The malicious actors behind a ransomware attack against a school district in Texas attempted to extract payment this week with what one analyst said appears to be an entirely new tactic: emailing parents of students with a threat that if school officials do not pay up, their kids’ personal information may be published online.
Read more on StateScoop, but I will respectfully disagree with Doug Levin’s comments, because this is not a new tactic at all. Doug acknowledges thedarkoverlord used the same tactic (as this site reported in 2017). But he seems to have interpreted TDO’s motive as sowing chaos with law enforcement. Their motive was to try to terrorize the districts into paying their extortion demands. If they could screw law enforcement in the process, even better, but their motives were commercial — and just like some of the current crop of ransomware groups, TDO attempted to justify some of its actions by blaming the FBI for allegedly dissuading districts from paying their extortion demands.
So no, I do not see what happened with Allen ISD as a new tactic at all unless you want to sing along with “Everything old is new again.”
As a side note, the same tactic has also been tried in the healthcare sector where if clinics or hospitals don’t pay, the threat actors may start to email or contact patients to put pressure on the victim — or to extort the patients directly. TDO tried that approach too, as have other ransomware threat actors over the past year or more. Robert Purbeck, aka “Lifelock” is currently charged in the Northern District of Georgia with a number of charges that include him allegedly contacting patients of a victim in 2018 to try to extort them to pay.