Security Awareness Training Blog

    The Notorious Dark Overlord Mafia Escalates their Ransomware Threat

    Columbia Falls

    News has surfaced that the overseas Dark Overlord cyber mafia struck again and penetrated the Columbia Falls School Board system with ransomware. The seven-page ransom letter was filled with all kinds of sensitive details to the members of the school board and superintendent, demanding between 75,000 and 150,000 in Bitcoin.

    DarkOverlord did not stop there, and must have decided to go on a shock-and-awe campaign. The reinforced their demands by terrorizing the whole valley with:

    • sending graphic text messages to specific individuals
    • threaten to publish sensitive student information
    • threaten physical harm to people in large numbers
    • doing a local newspaper interview, asserting their demands

    “If you decide to not entertain us and agree to one of our win-win business propositions, we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you,” DarkOverlord stated.

    The threats prompted widespread school closures across Flathead County on Sept. 14 and Sept. 15 and impacted roughly 15,700 students. Extracurricular activities and athletic events were canceled through the weekend.

    The hackers obtained information about past and present students, parents and staff members, including names, medical records, confidential reports, all email correspondence, phone numbers and addresses.

    “This person is only trying to gain power and self satisfaction through fear and intimidation,” Columbia Falls police officials said in an announcement. 

    Montana Flathead County Sheriff Chuck Curry released a statement explaining the details of the investigation and explained that the DarkOverlord was also responsible for other recent major hacks like entertainment companies. Curry said the FBI and other law enforcement continues to investigate the case. Classes have resumed across the Flathead Valley on Tuesday with heightened police presence.

    DarkOverlord threatened the following, this is an excerpt out of the seven-page letter:

    "We can go to the public with much of what we have. We can with great ease, put everything we have retrieved, from your district, on full display and cause you a tremendous amount of public embarrassment and humiliation.

    "What does that mean, you ask?

     

    "Imagine if we published all of your sensitive behavioural reports from your counselors and social workers on the open internet. Imagine if we published student grades and even the shoddy student work. How about nurse reports and private health information? What would the parents have to say about this? What sort of lawsuits would they begin?

     

    "What would happen if everyone found out the reason we closed down multiple districts and over thirty sites is due to your failure to secure your networks? Now, you may wonder if the parents would side with you when you publish media about how you're the victim and we're the baddy cyber-terrorists, but the truth of the matter is when these same parents are seeing their precious children's PII, school grades, mental health reports, behavioural discipline measures, and other extremely sensitive information being published online for all to see, how do you believe they will react?

     

    "How would the parents feel knowing all their fear and anxiety was caused by your own short comings. What if we to the media with more information?"

    I think this is the first time a letter like this has been made public. Their grammar and spelling seems to indicate they are in the UK, but that could be an elaborate false flag. Here is a link to a PDF with the redacted text of the letter.  (Or, cut&paste the PDF link to your browser: https://www.knowbe4.com/hubfs/Columbia_Falls_Ransomware_Letter-with-redaction.pdf)

    In the past, the DarkOverlord has mostly been penetrating their victim sites with spear phishing attacks.  I recommend you step all your employees through new-school security awareness training and put our free phish alert button on their email client. 

    Free Phish Alert Button

    When new spear phishing campaigns hit your organization, it is vital that IT staff be alerted immediately. One of the easiest ways to convert your employees from potential targets and victims into allies and partners in the fight against cybercrime is to roll out KnowBe4's free Phish Alert Button to your employees' desktops. Once installed, the Phish Alert Button allows your users on the front lines to sound the alarm when suspicious and potentially dangerous phishing emails slip past the other layers of protection your organization relies on to keep the bad guys at bay.

    Get Your Phish Alert Button

    Don't like to click on redirected links? Cut & Paste this link in your browser:

    https://www.knowbe4.com/free-phish-alert? 

    Source: Flathead Beacon

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe To Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews