Update: Files that appear to be from Janesville School District appear on a Russian-language forum

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

Janesville School District in Wisconsin was fairly forthright this week about being hit by a ransomware attack. But while they denied receiving any ransom note, and initially claimed that no data had been accessed or destroyed, some data that appear to be from the ransomware attack were posted today on a popular Russian-language forum.

A user calling themself “Garrett” posted messages addressing Dr. Robert Smiley, the Chief Information Officer for the district.  The first message read:

Bob Smiley is your fault, you played the fool and played it out.
I am spreading the data of this sharaga card, get in touch, we do not bite, ignoring it every day – draining something important. You play a school for the poor, but you yourself .. well, by the way, you yourself know who sends budget money and where. These children will not be affected, unlike your guys.

With love, a punisher of schools named Garrett (C)

What followed were some screencaps of files that appear to have been from the District. The screencaps revealed district account numbers, and a deposit for a student field trip to a show.  Another screencap with a list of students was redacted.

Garrett  seemed to be accusing someone of making personal purchases on Amazon.com using the district’s account.  There was no proof provided of that, however.

At this point, though, the district is seemingly on notice that  Garrett intends to punish the school, although Garrett does not indicate what their demand is.

The most recent update on the district’s web site makes no mention of any of this or any data having been stolen. DataBreaches.net has sent an email inquiry to the district to find out if they were aware of today’s development and what their response is.  This post will be updated if a reply is received.

Read more