PowerSchool is warning that the hacker behind its December cyberattack is now individually extorting schools, threatening to release the previously stolen student and teacher data if a ransom is not paid.
“PowerSchool is aware that a threat actor has reached out to many school customers in an attempt to extort them using data from the previously reported incident,” PowerSchool shared with BleepingComputer in a statement.
“We do not believe that this is a new incident, as the data samples match the earlier data from December. We have reported the matter to law enforcement in both the United States and Canada and are working closely with our customers.”
PowerSchool apologized for the threats caused by the breach and said it would continue to work with customers and law enforcement to respond to the extortion attempts.
The company also recommends that students and faculty take advantage of the two years of credit monitoring and identity protection on offer to protect themselves from fraud and identity theft. More information about this can be found in the company's security incident FAQ.
PowerSchool also reflected on its choice to pay the ransom demand, saying that it was a difficult decision but one it expected to protect its customers.
“Any organization facing a ransomware or data extortion attack has a very difficult and considered decision to make during a cyber incident of this nature. In the days after our discovery of the December 2024 incident, we decided to pay a ransom because we believed that it was in the best interest of our customers and students.”
“It was a difficult decision, and one that our leadership team did not make lightly. But we thought it was the best option to prevent the data from being made public, and we felt that it was our duty to take this action. As always with these situations, there was a risk that the bad actors would not delete the data that they stole, despite the steps that were provided to us.”
The PowerSchool data breach
In January, PowerSchool disclosed that it had suffered a breach of its PowerSource customer support portal through compromised credentials. Using this access, the threat actors used a PowerSource remote maintenance tool to connect to and download the school districts' PowerSchool databases.
These databases contained different information depending on the district, including full names, physical addresses, phone numbers, passwords, parent information, contact details, Social Security numbers, medical data, and grades.
The breach was initially discovered on December 28, 2024, but the company later revealed that it had also been breached months earlier, in August and September 2024, using the same compromised credentials.
As first reported by BleepingComputer, the hacker claimed to have stolen the data of 62.4 million students and 9.5 million teachers for 6,505 school districts in the US, Canada, and other countries.
In response to the breach, PowerSchool paid a ransom to prevent the public release of the stolen data and received a video from the threat actor claiming that the data had been deleted. However, it now appears that the threat actor did not keep their promise.
Security experts and ransomware negotiators have long advised companies against paying a ransom to prevent data leaks, as threat actors are increasingly failing to keep their promise to delete stolen data.
Unlike a decryption key, which companies can confirm works, there is no way to adequately verify that data has been deleted as promised.
This was recently seen in the Change Healthcare ransomware attack on UnitedHealth, in which the company paid a ransom to the BlackCat ransomware gang to receive a decryptor and to keep its data from being leaked.
However, after BlackCat pulled an exit scam, the affiliate behind the attack said that they still had the data and once again extorted UnitedHealth.
It is believed that UnitedHealth paid another ransom to prevent the data from being leaked.