DataBreaches.Net


Broward County Public Schools Cyberattack was Ransomware Attack — New Details Emerge

Posted on March 27, 2021 by Dissent

Earlier this month, Broward County Schools disclosed a cyberattack that sounded pretty serious.  But there did not seem to be any follow-up in the media or on their web site to explain exactly what had happened and with what impact.


Now threat actors have leaked what appear to be ransom negotiations with the district.

A screenshot of a chat log shows what happened when Broward reached out to the threat actors approximately two weeks ago to inquire what the district would need to do to get their files back.

The representative for Conti told Broward that they had encrypted Broward’s servers and exfiltrated more than 1 TB of data files that included personal information of students and employees as well as other district files such as contracts and financials.

But the shocker — and it was a shocker — is that Conti was demanding $40 million from the district.  Had Conti got someone psychotic in charge of determining ransom amounts? What on earth were they thinking, right?


According to Conti, however, they had researched the district and found that the district had more than $4 billion in revenue, so the $40 million demand was reasonable.

The negotiations didn’t improve from there. The Broward representative kept trying to get through to Conti that they are a public school district and that there is no way they have that kind of money.  Conti’s response at one point was to offer them a discount if they paid $15 million within 24 hours. Unsurprisingly, that didn’t happen.

The negotiations got even weirder to read the next day, when the Broward representative continued to try to get Conti to understand that this was a public school district and they didn’t have that kind of money or even any bitcoins.

At one point, Conti’s negotiator replied:

You are not a school, we know who you are and what you have. If you will not pay today 15M$ you will lost your profit from this school and be sure you will lose your reputation in this sphere.

And when the Broward representative insisted they were a school, saying “What else would we be?”  Conti replied:

Guys, you were hired by the Broward Schools and we know exactly who you are.

Later, Conti would add:

We paid and hired the outsource-company and we know exactly that your recovery-company received a wire transfer from Broward(bankofamerica), that’s why we are ready to agree to 10M$.

The Broward spokesperson denied any knowledge of any recovery company, but indicated that they would speak to their superiors and ask them about any recovery company.  Almost 24 hours later, Broward made an offer of $500,000  but did not address Conti’s claim that the individual was with a recovery company and had received a $10M wire transfer.

The preceding is just a small sample of the chat that appears to have begun approximately two weeks ago. The fact that the threat actors uploaded the chat logs, presumably to try to pressure Broward, means that negotiations broke down.

At first blush, the chat log does not make Conti look very professional as threat actors. The Broward representative appeared to be understandably stunned and quite correct in claiming that Conti seemed to have no understanding of funding for public school districts or how the funds could be used. Had Conti said something like, “Look, we read your cyberinsurance policy and we know you have coverage to pay us $XYZ,” then that would have been one thing.

Of course, if they were telling the truth (that they knew that Broward had hired a specific firm and that there really was a wire transfer and authorization to pay them $10 million), then they just look smart/efficient, and it’s a reminder to victims NOT to communicate via email or any other channel that the threat actors can access if they are still in your network.

The chat log ends after Broward reiterated that the district only has money sent to it by the government and they had approval to offer Conti (only) $500,000.  Conti did not respond, but then uploaded the chat logs.

There are many who will be upset with that $500,000 offer — or that there was any offer at all.

In any event, this story is likely not over.  Will Conti dump files? Will the district increase the offer?  DataBreaches.net has reached out to Broward Schools to ask them to respond to some of the threat actors’ claims and will update this post if a response is received.

Category: Commentaries and Analyses, Education Sector, Malware, Of Note, U.S.
