Montana high school hit by ransomware

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Another day, another attack on public schools to report. Today’s report concerns Beaverhead County High School in Montana, which was reportedly hit by Avos Locker.

The threat actors added the listing to their dark web leak site on November 20, but do not state when the attack actually occurred. As proof of claim, Avos Locker uploaded a few files — only 1 of which appears specific to BCHS: procedures to be followed in the event of an on-field injury during an athletic event.

No personnel data was provided as proof.

No student data was provided as proof.

From their listing, Avos Locker is clearly aware that this is a tiny school district with only a few hundred students and less than two dozen teachers. And yet they are trying to ransom them. Avos writes: “If they refuse to negotiate, we will leak all the data we’ve got.”

DataBreaches.net sent an inquiry to Avos Locker earlier today requesting more information on what they claim to have exfiltrated and to ask why they are trying to extort a small public school, but has received no reply as of the time of publication.

The high school’s website has a feed of news announcements. One of them, from 20 days ago, said:

ALL, THE SCHOOL EMAIL SYSTEM IS DOWN SINCE SUNDAY AND WILL BE DOWN FOR SOME TIME. PLEASE CALL THE SCHOOL IF YOU NEED TO REACH US. MORE INFORMATION TO FOLLOW BY ROBO CALL.

There was no transcript of any robocall concerning the email system in section of the site that had other robocall transcripts. The agenda for the November 12 school board meeting included discussion of a disruption to the district’s computer system and possible actions to consider, but there are no board meeting minutes online to provide any details as to what was said or decided.

Earlier today, DataBreaches.net also sent an email inquiry to the Assistant Principal who had posted the email outage notice to ask for more details and an update. No reply has been received as yet.

This post will be updated if any reply is received from either the threat actors or the school.

Read the article