Florida School District Ransomware Attack

Threat actors recently demanded a $40 million ransom payment from the Broward County Public Schools district in Florida.

According to Bleeping Computer, the cyberattack forced the school system to shut down its IT systems last month. After negotiations between the Conti ransomware group and the school system failed, the threat actors published alleged screenshots of the ransom negotiations.

The malicious hackers ultimately lowered the ransom to $10 million, but it was still far more than the $500,000 the school district ended up paying.

Eddy Bobritsky is CEO of Minerva Labs. 

“The surprising thing is the unbearable easiness of having to pay this huge amount of money,” he said. “You can see in the negotiation screenshots how it was so easy for the organization to pay $500,000 just for this attack to stop. And it is not because this organization has a lot of money. It is just because they had to return to their regular routine, and of course, if this case would have continued more days, the costs would’ve been much higher, not just because of the amount they had to pay, but also because of the risk for ruined reputation, the loss of working days and school days, and more.”

Schools, along with all kinds of organizations and businesses, have to invest in prevention solutions, Bobritsky said.

“We have to remember the unfair fact that small organizations with limited teams and low budgets have to protect themselves from the same attack that will occur in a large organization with a big team of experts and a budget of tens of millions of dollars,” he said. “The reality is that 80% of organizations don’t have the resources to have this kind of team and skill sets. It is important to realize that threat actors don’t seek just the big and well-founded organizations. And the loss can be felt much more in small organizations and businesses.”