DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

School districts in New Jersey and California join the list of ransomware victims

Posted on September 15, 2020 by Dissent

Schools are off to a rough start this year. Apart from grappling with edtech and security issues in light of the increased use of virtual learning, school districts are being increasingly attacked by ransomware groups. These ransomware threat actors pose a double threat:  they  not only encrypt a district’s system(s) to make functioning impossible unless a ransom is paid, but they may also exfiltrate copies of the district’s data before encrypting it on the server(s) so that even if a district can manage to recover from the attack by using  a backup, there is the threat that the attackers will dump personal and sensitive data on the dark web for everyone to grab.

Given that scenario and how much personal and sensitive information districts may maintain on their server(s), districts may find themselves between the proverbial rock and a hard place when a ransom demand is made.

Yesterday, this site reported on three school districts in Virginia, Ohio, and Nevada that had been attacked by Maze threat actors. Of note, the name of one of their victims, Fairfax County Public Schools, was removed from their list of “clients” on their leak site after the media started reporting on FCPS’s breach. The removal of a name from a list may indicate that the victim changed their mind or wound up paying ransom.

Let’s look at three more districts today, starting with two school districts in New Jersey that have also been attacked with ransomware since school reopened this month.

On September 10 and 11, Karin Price Mueller reported that after one day of classes, the Somerset Hills School District closed down their schools because of an “unexpected network disruption” that was later reported to be a ransomware attack. The district does not seem to have updated its status this week, and they did not reveal what type of ransomware was involved.

While Somerset’s attack was in the news on September 11, there was another NJ district that had allegedly also been attacked, but it was not in the news. It appears that we probably need to add Millstone Township School District to any list you may be keeping. Threat actors known as “Conti” have claimed that they are responsible for the attack on Millstone Township School District. That claim was made on Conti’s dark web leak site on September 11.

Millstone Township School District is a relatively small district comprised of three schools covering pre-K through grade 8 (middle school).  As proof of their claim attack, Conti uploaded 15 files. Those files relate to fairly routine district business. No personnel files containing sensitive information or files on students were included in the small data dump. These dumps are generally used to prove to victims that the attackers have data and if the victim doesn’t pay up, all of their files will dumped. It is often difficult for victims to determine exactly what or how much attackers were able to exfiltrate.

Because there has been no statement from Millstone on their web site about any attack nor any media coverage that I could find, DataBreaches.net sent an email asking them if they would confirm or deny Conti’s claims. No response has been received by time of publication.

Meanwhile, and as reported in the media today, Newhall School District in California canceled online classes yesterday and today after being hit with ransomware over the weekend. The type of ransomware was not disclosed.

Category: Breach IncidentsEducation SectorHackMalware

Post navigation

← SunCrypt ransomware threat actors claim theft of University Hospital New Jersey files
Two Alleged Hackers Charged with Defacing Websites Following Killing of Qasem Soleimani →

2 thoughts on “School districts in New Jersey and California join the list of ransomware victims”

  1. NL says:
    September 16, 2020 at 2:29 pm

    These poor districts are no match for Maze. Some can’t even secure their own websites:

    [link removed by DataBreaches.net] Millstone Township School District

    [link removed by DataBreaches.net] – Somerset Hills School District

    1. NL says:
      September 16, 2020 at 2:33 pm

      And they share login information like this:

      “For 2020-2021 bus schedule information please click here

      [link removed by DataBreaches.net]

      Note:

      · User Name is your child’s firstname.lastname with a period between the first and last name

      · Password is your child’s date of birth in the following format mmddyyyy with no spaces or dashes

      If you have any problems contact the Transportation Department at extension 7005

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up
  • U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams
  • Victoria’s Secret takes down website after security incident
  • U.S. Government Employee Arrested for Attempting to Provide Classified Information to Foreign Government

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.