The Conti ransomware operators are claiming responsibility for an attack on the Broward County school district, in which they requested a $40 million ransom payment. Broward County’s school district is one of the largest in the United States.

In a screenshot of an alleged communication between a district representative and Conti threat actors, Conti operators explain that they’ve researched the district’s revenue and that the request is affordable. This research is a staple of Conti’s processes as they work to convince victims to pay the ransom.

As is typical in negotiation, Conti aims much higher than they actually expect to receive: the request was eventually lowered to $10 million, which is still much higher than the $500,000 the district was willing to pay.

Conti ransomware is delivered at the end of a series of payloads that use DLL injections to drop their ransomware directly into memory. Because of this, it’s difficult to analyze and extract as there is no evidence of the ransomware left behind. Conti is also known to utilize a very fast encryption process to ensure they can lock victim files before being noticed.

$40 million is the second-highest public ransom demand, behind the $50 million from REvil ransomware, although ransom requests this high will rarely be carried out.

The education sector has been targeted at many levels recently, with the Harris Federation, US universities, and now Broward County’s district. With the abundance of personal information stored on school networks, it’s likely threat actors won’t stop targeting them any time soon. Many educational institutions will still have their learning done online through the end of the school year, and this is a primary factor in the increase of attacks in education.

Executives and board members need to consider cybersecurity for the protection of their student and employee information. SpearTip’s 24/7 security operations center will solve all security issues that arise from the transition to online learning and can provide continuous monitoring even when school is not in session or IT teams aren’t available. Having a team watching over your network for malicious activity at all times is the one way to ensure you won’t be dealing with a $40 million ransom demand.

The continuous monitoring our security engineers provide is accompanied by an endpoint detection and response tool, ShadowSpear®, which can spot threats before they have a chance to reach machines. ShadowSpear® will notify our engineers of these threats so they can properly mitigate and ensure your organization doesn’t have any issues operating at full capacity. The investment in SpearTip’s SOC and ShadowSpear® Platform shows instant value upon deployment.