Medusa Ransomware Group claims to have hacked Minneapolis Public Schools and stolen students data & threatens to leak if $1 million ransom demand

Continue reading
Medusa ransomware group has struck again, this time hitting the Minneapolis Public Schools (MPS) district with a crippling cyberattack. The threat actors have stolen sensitive data from MPS, demanding a $1 million ransom to release the stolen data back to the organization. The group has also threatened to release all the stolen data if the ransom is not paid by March 17, 2023.
The Medusa ransomware group is relatively new, having emerged in 2021, but it has been gaining notoriety recently due to its increasingly sophisticated and bold attacks. Unlike other ransomware gangs that primarily target high-value corporate and government targets, the group has broadened its scope to include educational institutions like MPS.
The attack on MPS highlights the serious threat that ransomware poses to sensitive data. MPS has publicly disclosed that the attackers have gained access to some of its systems, but the investigation has not yet determined the extent of the breach. The group's threat to release the stolen data has raised concerns about the potential impact on the school district and its students, faculty, and staff.

*MPS Data Availability on Medusa’s blog*
The Medusa ransomware group has taken a bold approach in this attack, posting a video on its dark web site showing the data allegedly stolen from MPS. This is the first time such a tactic has been used by a ransomware group, which underscores the group's growing confidence and expertise.
MPS has taken a firm stance against the ransomware group's demands, stating that it will not pay the ransom. Instead, the organization has opted to restore the data encrypted by the attackers using internal backups. MPS has also warned its students, teachers, and staff about the elevated risk of phishing attacks and scamming attempts due to the breach.
The attack on MPS could have far-reaching consequences for the school district and its stakeholders. The potential exposure of sensitive data, including personally identifiable information (PII) of students and faculty, could lead to identity theft, fraud, and other criminal activities. The attack also underscores the need for educational institutions to improve their cybersecurity defenses to protect against future attacks.

148 malicious npm packages masquerading as student proxy and school Wi-Fi bypass tools. Rather than compromising developers during installation