UPDATE – 08.10.2023 at 3:30PM
We have received a response from the Medusa ransomware group regarding the amount of data stolen during the cyberattack on Emerson Public School District IT systems.
Medusa told us that the data in its hands amounts to 2TB, and also confirmed that the ransom price is $100,000. Another significant file that Medusa has uploaded to its blog, and that anyone can obtain, is the file tree, which shows the enormous number of documents exfiltrated from the School District's servers: 1.028.490.
From the list of file names we have seen, we can imagine that some of these could refer to further medical data. The two examples below are from a staff member at Patrick M. Villano Elementary School:
Emerson's schools\Emersons_5\!REMOVED STAFF\[REDACTED]\Administrator Files\Personal\[REDACTED] Medical Records from Dr. [REDACTED].pdf
Emerson's schools\Emersons_5\!REMOVED STAFF\[REDACTED]\Administrator Files\Personal\Dental overview [REDACTED].docx
More examples of sensitive document names we found in the file tree:
Emerson's schools\Emersons_5\[REDACTED]\ALL STAFF FOUND FILES\!PDFs\Certificate of Insurance Cancer Walk 10-5-19.pdf
Emerson's schools\Emersons_5\[REDACTED]\ALL STAFF FOUND FILES\!PDFs\insurance card.pdf
Emerson's schools\Emersons_5\[REDACTED]\My Documents\My Scans\Insurance Card Front and Back.pdf
Emerson's schools\Emersons_1\staff2\[REDACTED]\My Documents\[REDACTED]\[REDACTED]\SpainANDmore\insurance_card.pdf
Finally, we wonder why there are still documents dating back to 2000 on the School District’s servers:
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\Book4.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\PERS100.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\PERS200.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\PERS300.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\PERS400.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\TPAF100.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\TPAF200.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\TPAF300.xls
Emerson's schools\Emersons_5\!REMOVED STAFF\New_kce\!!!!LO1 Server Files\PENSION\!Previous Years\2000\TPAF400.xls
The attacks against American educational institutions do not stop. The latest to have suffered an exfiltration of data from its IT infrastructure is Emerson Public School District in Bergen County, NJ. For the deletion of the data exfiltrated from the School District’s servers, the cybercriminals demanded a ransom of $100,000 in bitcoin.
In the 2021-2022 school year, Emerson Public School District projected a total of 1087 students distributed among its three schools: Memorial Elementary School (364, grade span PK-3), Patrick M. Villano Elementary School (232, grade span 4-6) and Emerson Junior-Senior High School (461, grade span 7-12). Medusa is the ransomware group responsible for the cyberattack.
Last July, Medusa had already hit another educational institution, St. Landry Parish in Opelousas, LA, a School District with 12143 students in the 2021-2022 school year.
Among the documents exfiltrated and published as proof on the cybercriminals' blog, we found several sensitive files, such as teachers’ pay slips, students’ and teachers’ full names, telephone numbers, complete addresses, administrative documents and email accounts, and above all a file with photos of dozens of pupils and their full names, as well as a file describing their various drug allergies or medical therapies in progress.
As we wrote previously, among the documents published by Medusa there is also the list of Emerson Public School District teachers with full names, full addresses, telephone numbers and their qualifications.
Prior to the publication of this article, we contacted both the School District and the cybercriminal group but neither would provide a statement on the matter.
SuspectFile.com will update the article if new information emerges.