
Latest news with #Rhysida

Sumter County Sheriff's Office in final stages of recovery after Russian ransomware attack

Yahoo

25-04-2025


Nine months after a ransomware attack took the Sumter County Sheriff's Office completely offline, 9 Investigates is getting an inside look at the hit the agency took.

9 Investigates first brought you the story last August after a Russian criminal group, Rhysida, claimed responsibility for the cyber-attack. The agency is now in its final phases of recovery.

'Witness statement, victim statements, things of that nature are all having to be re-entered into the computer system as well,' said Michelle Keszey, Sumter County records manager. Keszey in part oversees the large project of typing up, scanning and uploading records from the four months the agency relied on just pen and paper.

'There were approximately 1,500 crash reports that took place during our time down. And she is averaging about 10 a day,' Keszey said.

'Until the system was safe to be scanned in so it kind of just stacked up,' said Sheriff Pat Breeden. Sheriff Breeden took office that November while the agency was still offline.

'Our newer deputies are used to doing everything electronically,' Breeden said. 'Well now we're back to handwriting reports and we're handwriting tickets,' he said, recalling the challenges over the four months.

This was after Rhysida claimed to have infiltrated the agency's system in August 2024.

'We started having some problems with our dispatch one night and dispatch is like, some stuff's not working, something's not right,' Breeden said.

Authorities later discovered the hackers got in from an external hard drive infected with a virus that an employee brought in.

'We discovered that this had actually been brought in several months prior to the hack and it just kind of sit there in limbo waiting,' Breeden said.

Rhysida posted on the dark web, claiming they stole nearly a terabyte of data. They claimed the data would end up on the dark web if the Sheriff's Office didn't pay their ransom: seven bitcoins, or about $425,000.

'How scary of a time was that for you guys?' Webb asked.

'I was very scared because, you know, we have employees and we have citizens' information,' Breeden said.

The Sheriff's Office told us they didn't believe the cybercriminals ever uploaded the stolen records to the dark web.

'They have available for download, they claim 839 gigabytes of data across over 160,000 files,' said Luke Connolly, threat intelligence analyst for Emsisoft. 'That could easily go back decades, especially for a small town sheriff.'

Connolly says it's highly likely the hackers had extended access to the Sheriff's Office database, based on the amount of data they claim to have released. He says the hackers aren't charging for downloads of the stolen material.

Our sources did not download the data that the hacker group claimed to have stolen because of the ethical concerns and also the risk of downloading malware. As a result, we don't know what all this data could potentially include, including social security or banking information.

The Sheriff's Office says authorities are looking to prosecute the Russian group responsible.

Now, the agency is in its final stages of recovery. Breeden says the most challenging time was when authorities were working to confirm hackers no longer had access to the agency's system, what the Sheriff described as 'cleaning house.'

'The hardest part was to analyze everything to make sure our systems are now safe to go back online. So, doing that, we have to backlog everything we did in that time period, let's say between August and now. So everything's on paper.'

Connolly says the hackers likely were not targeting the Sheriff's Office, but there are records of value in the agency.

'Money, information, you know, they get anything they can because if they can get people's identities, they're looking to do identity theft, they are looking to steal anything they can to make a dollar,' Breeden said.

The Sheriff also says they are retraining employees on cybersecurity. They're now almost back to what they were before August 2024, and the Sheriff's Office says they're now even stronger.

Hackers tried to sell Pembina Trails School Division student, staff info on dark web

CBC

11-04-2025


Photos of valid passports, staff payroll information and credit card statements were among the nearly 1 million files uploaded onto the dark web after a recent ransomware attack by a hacker group on a south Winnipeg school division.

The Pembina Trails School Division was hit in December by a data breach carried out by a hacker group known as Rhysida, which stole personal information of students, teachers and families. The division confirmed Friday the hacker group demanded a ransom to get the data back, but said it wasn't paid.

The group then advertised the sale of personal information and photos of students, teachers and staff going back to 2011 on the dark web — a part of the internet that can't be accessed with a traditional web browser. When no one bought the data, the group uploaded it online.

The data that was possibly exposed includes names, dates of birth, confidential business data, personal health information and email addresses.

Colleen Peluso, who has three children in the Pembina Trails School Division, says some of their personal data was among the information stolen, alongside that of thousands of other students and staff.

"Every year, the parent council at our school does cybersecurity and internet safety talks, which I go to. I've tried really hard to protect my family," Peluso said.

Company found data on dark web

VenariX, a Texas-based company that investigates and records cybersecurity incidents, said it decided to investigate the breach to learn more. The company has no connection with the Pembina Trails School Division, but found the division's data on the dark web and put together a report on its website that included pixelated images of the stolen information to help people learn about the hack.

The hacker group listed the 5.4 terabytes of data stolen from Pembina Trails online and was selling it for 15 bitcoins — the equivalent of roughly $1.6 million.

"Some of them will try to sell that data to somebody else that is interested … just to make a profit. If they do sell it, some will just remove it off their website like it wasn't even there," said Luciana Obregon, who works with VenariX. "But if they weren't able to sell it, they basically make it available for anybody to go in and do whatever they want with it."

Screengrabs viewed by CBC show documents with names, birth dates, health information, email addresses and bank account numbers.

Initially, the division said the stolen information dated back to 2014, but it's since learned a backup database was also accessed, with information going back to 2011.

The Winnipeg Police Service's financial crimes unit is investigating.

Teacher and student data "should never be compromised," Manitoba Teachers' Society president Nathan Martindale said in an emailed statement. "There's no doubt this will cause our members extreme psychological stress."

The division hired its own cybersecurity company to investigate. It's offering three years of a credit monitoring service at no cost to current and former staff and is encouraging families to be vigilant.

Divisions 'don't understand how valuable' data is

The group claiming responsibility for the Winnipeg ransomware attack is believed to be a criminal operation from Russia or eastern Europe. Rhysida has also claimed attacks against government institutions in Portugal, Chile and Kuwait, according to the Guardian.

Pembina Trails was one of many school divisions attacked across Canada. Obregon says she's found leaked data from 32 of them on the dark web.

Another victim of the same group that targeted the Winnipeg division is the Qualifications Evaluation Council of Ontario, a group that evaluates teachers' qualifications for salary categorization purposes. It was hit by an attack last July that may have exposed confidential business data and personal information, some of which has been posted to the dark web, said Obregon.

QECO executive director Liz Papadopoulos described the cyberattack as a "painful matter" and said no financial information was stolen. Everyone impacted was contacted and systems were secured, she said, but she declined to comment further.

Cybersecurity expert Hadis Karimipour said ransomware attacks on schools and school divisions have become more common, as many focus on quickly digitalizing things without keeping security in mind.

"They don't understand how valuable their data is and why cybercriminals would be interested. So they don't invest in it," said Karimipour, Canada Research Chair in Secure and Resilient Cyber-Physical Systems and an associate professor at the University of Calgary.

That data can be extremely valuable for things like identity theft, she said.

Karimipour said one of the easiest things organizations like school divisions can do to protect themselves is to invest in training for employees, helping them to recognize things like phishing emails and learn how work systems can be compromised if they're connected to personal devices that have been breached.
