Criminals make student data public in escalating demands for ransom

In a world where everything is hackable and nothing off limits, cyber criminals are now targeting schools, stealing student data and holding it for ransom.

Last month, the U.S. Department of Education warned that hackers were targeting schools with weak cyber security and known vulnerabilities, threatening to release sensitive student information unless a ransom is paid.

"In some cases, this has included threats of violence, shaming, or bullying the children unless payment is received," the warning said.

Related: This 13-Year-Old Hacker Has Found Bugs at Some Top Tech Companies

A dilemma on how to handle hackers

Steve Bradshaw, school superintendent in Columbia Falls, Montana, a quiet town nestled at the foot of Glacier National Park, said he received messages in September from an anonymous person who mentioned "splattering blood all over the hallways."

Bradshaw turned over the alarming messages to local law enforcement.

"The threats were mostly about killing children -- and graphic ways that they were going to kill the children," Columbia Falls Police Chief Clint Peters told NBC News.

When it was evident that the person or group sending the messages was after a ransom in exchange for not releasing student social security numbers, phone numbers and addresses, law enforcement officials began trying to negotiate with the cyber criminals over their demands.

RELATED: Cybersecurity tips

9 PHOTOS
Cybersecurity tips
See Gallery
Cybersecurity tips

KEEP YOUR PASSWORDS STRONG AND VARIED

If your password is easy for you to remember, then it'll be easy for hackers, too. Try using symbols, numbers and capital letters throughout your passcode. Also, experts suggest you use different passwords for different accounts. 

(Shutterstock)

EMPLOY TWO-STEP AUTHENTICATION

Add another layer of security by having another code sent to your phone number before you can sign in.

(Luis francisco Cordero via Getty Images)

BEWARE OF PUBLIC WIFI

If you're traveling, verify with the coffee shop or hotel that the wi-fi name is valid -- many cybercriminals set up networks with similar names to popular spots. You can also set up a private VPN that encrypts all of your data that passes through the network.

(martiapunts)

COVER YOUR TRACKS

Wipe your hard drive clean before giving away, recycling or throwing out your old laptop or computer.

(Jonathan Kitchen via Getty Images)

DON'T LEAVE YOUR DEVICES UNATTENDED

That's just asking for trouble!

(Aping Vision / STS via Getty Images)

BEWARE OF MYSTERIOUS URLS IN EMAILS

Don't ever click on URL from an unidentified or sketchy looking email. 

(Just One Film via Getty Images)

COVER YOUR WEBCAM 

FBI director James Comey suggests placing a piece of tape over your webcam when you're not using it. If that doesn't convince you, note that Mark Zuckerberg is known to do the same.

KEEP YOUR SOFTWARE UP TO DATE

Hackers target vulnerabilities in software, which are often resolved in software updates, so stop hitting the "ignore" or "remind me later" button!

HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

Particularly alarming was the discovery that the group had hacked the school's security cameras and could watch their every move.

After a rash of attacks across the country, the FBI is asking school districts to make cyber security a priority.

In Columbia Falls, Bradshaw's team met with families, consulted with the FBI, and ultimately made the decision to not pay the hackers.

That was followed by more threatening texts.

"It's about power and it's about fear," Bradshaw told NBC News. While he made the choice not to pay, he said he dreads the thought of the hackers dumping student information.

"Will they dump this information? Will they impact some child to the point that that child could be emotionally damaged for the rest of their life?" he said.

Why schools are easy targets

With many school districts across the country facing tight budgets, cyber security is often an after-thought, according to experts.

"Schools are vulnerable for a variety of reasons," said Shawn Henry, chief security officer of Crowdstrike and former assistant director of the FBI.

"First of all, their security is not always up to par and that's because they don't have a high budget in order to invest in security protocols," he said. "But they also have information that's of value and people want to protect children."

The Department of Education is encouraging schools to conduct security audits and to train staff on cyber security best practices, including how to avoid being targeted by social engineering schemes, such as fake emails that look real but, if clicked, can provide hackers access into the school's system.

Cyber security "needs to be a budget item every year," said Howard Marshall, a spokesman for the FBI. "At the end of the day, they are protecting the country's most important assest and resource - and that's our children."

But for now, parents like Amy Squires, the mother of a kindergarten student in Columbia Falls, are on edge about what the hackers' next move could be.

"Why is this happening to us?" she said. "A lot of us, as parents, are kind of wondering what's happening next."

Read Full Story

Sign up for Breaking News by AOL to get the latest breaking news alerts and updates delivered straight to your inbox.

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.