A ransomware gang, dubbed Medusa, has publicly released a roughly one-hour-long video containing stolen data from the Minneapolis Public School (MPS) District — with a demand of $1 million in payment in exchange for the data’s deletion.

The video, shared on the American video-sharing platform Vimeo, came after Medusa listed the school district as one of its victims on its proprietary Tor data leak site. The ransomware gang provided a deadline of March 17 for the payment to be made, though it said it was willing to accept equal amounts of payment for the same data from additional buyers in the meantime. 

The video was first brought to the world’s attention by Brett Callow, threat analyst at Emisoft, who, back in September, also shared screen captures of threats from the Vice ransomware gang threatening to leak data from the Los Angeles Unified School District (LAUSD).

“Medusa has uploaded a ~51 minute video to Vimeo which shows screenshots of the data they claim to have stolen from #MPS. It’s the first time recall seeing this particular tactic. #ransomware,” Callow posted in a tweet, alongside a screen capture of the Vimeo leak.

Though an MPS systems notice stated that the ransom has not yet been paid, and that there’s no “evidence that any data accessed has been used to commit fraud,” concerns about the level of cybersecurity regarding personal identifiable information (PII) of students in K-12 school districts abound, as attacks on student data continue to be ongoing. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Source: www.darkreading.com