Ransomware operators have released the personal data of students in the Clark County School District in Nevada after officials refused to pay to have their files decrypted.
The information leaked reportedly includes Social Security numbers, names, grades, addresses, and financial information. District officials have been thus far unable to verify the data.
“CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement. The District is unable to verify many of the claims in the media reports. As the investigation continues, CCSD will be individually notifying affected individuals,” the school district announced in a September 28 press release.
The school district was originally infected with a still unidentified strain of malware on August 27, It declined to pay the ransom demanded in return for access to the encrypted files.
The FBI strongly discourages paying ransom in response to ransomware attacks.
“Paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity,” the government agency states on its website.
Schools have been an increasingly common target for ransomware attacks, especially with more districts relying on remote learning in the wake of the Covid-19 pandemic.