Valid passport photos, payroll information and credit card states were among the almost 1 million files loaded on the dark website after a recent ransomware attack from a group of computer pirates in a school division of South Winnipeg.
The division of the Pembina Trails school was beaten in December by a violation of data made by a group of computer pirates known as Rhysida, which stole personal information from students, teachers and families.
The division confirmed Friday that the Hackers group demanded a ransom to recover the data, but said it was not paid. Then, the group announced the sale of personal information and photos of students, teachers and personnel returning to 2011 on the dark website, a part of the Internet that cannot be accessed with a traditional web browser.
When no one bought the data, the group uploaded them online.
The data that were possibly exposed include names, birth dates, confidential commercial data, personal health information and email addresses.
Colleen Peluso, who has three children in the division of the Pembina Trails school, says that some of his personal data were among the stolen information, along with that of thousands of other students and personnel.
“Every year, the Mothers Council of our school makes cybernetic charas and internet security, which I am going. I have tried to protect my family,” said Peluso.
The company found data on the dark website
Venarix, a Texas -based company that investigates and records cyber security incidents, said he decided to investigate the violation to obtain more information.
The company has no connection with the division of the Pembina Trails school, but found the division data on the Dark website and gathered a report on its website that included pixelated images of stolen information to help people learn about hack.
The Hackers group listed the 5.4 Terabytes of stolen data on online and sold it for 15 bitcoins, the equivalent of approximately $ 1.6 million.
Look | The computer pirates tried to sell stolen data from the division:
The Division of the Pembina Trails school was affected in December by a data violation made by a group of computer pirates known as Rhysida, which stole personal information from students, teachers and families, and then tried to extort more than $ 1.5 million of the South Winnipe School Division.
“Some of them will try to sell that data to someone else who is interested … just to get profits. If they sell them, others will simply eliminate it from their website as if they were not even there,” said Luciana Obregon, founder of Venarix.
“But if they could not sell it, they basically make it available for anyone to between and do what they want with it.”
The screenshots views by CBC show documents with names, birth dates, health information, email addresses and bank account numbers.
Initially, the division said that stolen information dates back to 2014, but since it also learned of a backup database, with information that dates back to 2011.
The Financial Crimes Unit of the Winnipeg Police Service is investigating.
The data of teachers and students “should never commit themselves,” said the president of the Society of Masters of Manitoba, Nathan Martindale, in a statement sent by email.
“There is no doubt that this will cause our members an extreme psychological stress.”
The division hired its own cybersecurity company to investigate. He is offering three years of a free credit monitoring service for current and previous personnel and is encouraging families to be attentive.
The divisions ‘do not understand how valuable’ are the data
It is believed that the group that claims the responsibility of the Winnipeg Ransomware attack is a criminal operation of Russia or Eastern Europe. Rhysida has also claimed attacks against government institutions in Portugal, Chile and Kuwait, according to The Guardian.
Pembina Trails was one of the many school divisions attacked throughout Canada. Obregon says he has found filtered data of 32 of them on the dark website.
Another victim of the same group that went to the Winnipeg Division is the Ontario Qualifications Evaluation Council, a group that evaluates the qualifications of the teachers for the purposes of salary categorization. It was affected by an attack last July that could have exposed confidential commercial data and personal information, some of which have been published on the dark website, Obregon said.
The executive director of QECO, Liz Papadopoulos, described cyber attack as a “painful matter” and said no financial information was stolen. All the impacted were contacted and the systems were insured, he said, but refused to make more comments.
Cybersecurity expert Hadis Karimipour said that ransomware attacks in schools and school divisions have become more common, since many focus on quickly digitizing things without taking into account security.
“They do not understand how valuable their data is and why cybercriminals would be interested. Therefore, they do not invest in it,” said Karimipour, president of Canada’s research in safe and resistant cybernetic systems and an associated professor at the University of Calgary.
These data can be extremely valuable for things like identity theft, he said.
Karimipour said that one of the easiest things than organizations such as school divisions can do to protect themselves is to invest in training for employees, help them recognize things such as phishing emails and learn how work systems can be compromised if they are connected with personal devices that have been violated.
“Unfortunately, humans are always one of the basically the source of the problem that gives the opportunity for cybercriminals to attack a great organization,” he said. “And people generally [make] Many mistakes. “
