WA: Clover Park School District investigating ransomware attack

Kevin Ko reports:

Facing a “system outage,” the Clover Park School District is investigating why it’s “experiencing a technology issue,” a district spokesperson said in a statement.

“We are working with third-party cybersecurity specialists to investigate the root cause of this system outage and will provide more information as our investigation continues,” the statement reads.

Read more on KIRO7, who was sent screencaps by an employee. The screencap indicates that CPSD was the victim of a ransomware attack by what appears to be a new group or relatively unknown group of threat actors who appear to be calling themselves “PayOrG” (PayOrGrief).  The attackers have demanded $350,000 in ransom and have given the district 21 days to pay or have data dumped. They do not provide any proof of claims, but do offer to decrypt a “couple files” as proof if contacted via chat.

Ransom note
Threat actors’ ransom note. IMAGE: KIRO7

DataBreaches.net is not publishing the url of the leak site.

One tweet in the district’s timeline earlier today announced:

CPSD experiencing a temporary tech issue. Follow district’s Power & Internet Outage Guidance. Students participating in virtual learning @home will continue w/classwork from home; students scheduled for in-person learning @school will continue on schedule. We’ll provide updates.

None of their subsequent tweets today referred to the problem or provided any update, however. Attempts to connect to the district’s web site tonight timed out.

About the author: Dissent

5 comments to “WA: Clover Park School District investigating ransomware attack”

You can leave a reply or Trackback this post.
  1. Ash - May 26, 2021

    What kind of asshole hacks a school. Then demands funds that they don’t have? Special place in hell. Attack Amazon or Google. Not a school. Ffs

    • Dissent - May 27, 2021

      The education sector is one of the top two sectors for such attacks because their security is usually not as good as other sectors.

    • zer0 - May 30, 2021

      the school wont pay unless they were fools and didnt have cyber insurance but if so, depending on the policy cyber insurance will pick up the tab at the end of the day. This happens daily and not many people have insight to it.

    • Nix - June 2, 2021

      Schools – with users starting at 5 years old – can’t maintain the kind of security the Defense Department can (and how many federal agencies got victimized in that last round?). When pandemic forced them to convert, overnight, into remote learning, solutions were hasty and catch-as-catch-can, with no planned budget/funding behind them. Even staff went remote – removing them from being behind district firewalls and enterprise connections. In short, schools have always been more vulnerable, and the events of the past year have made them more vulnerable than ever.

      On the other side of the equation, threat actors have been focusing on schools, hospitals and public services – people they know can’t afford to just shut down during a pandemic. There’s a TON of this happening, as these illegal enterprises capitalize on the current situation.

  2. Angel O - June 1, 2021

    Right! I haven’t got a paycheck because of this! And cpsd only pays once a month at the end of the month. I been waiting on this check!

Comments are closed.