A cyber gang called Medusa claims to have stolen sensitive records from the Minneapolis Public Schools and published them on the dark web after the district failed to pay a $1 million extortion demand. However, attempts to download the files have been unsuccessful, with the gang redirecting users to an encrypted instant-messaging protocol. The files may become available online after a brief lag, as has been the case with previous Medusa victims. The district is working with cybersecurity specialists to determine the full scope of the breach and has stated that it will contact affected individuals directly. The stolen records may contain sensitive information about students and staff, including student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment, and sex offender notifications. The file tree suggests that the trove of stolen records is extensive, with over 172,000 individual records totaling 157 terabytes.
Following the expiry of the ransom deadline set by the Medusa gang, the files stolen from Minneapolis Public Schools were not immediately available for download on the gang’s dark web leak site. Users who clicked a “Download data now!” button were instead directed to contact the gang via an encrypted instant-messaging protocol. Files stolen from the gang’s previous victims are available on a website that imitates a technology news blog, which acts as a front of sorts. Those files are posted about a month after the ransom deadline expires, suggesting that the Minneapolis files could become available online after a brief lag. However, as of Monday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform.
The district has issued a statement acknowledging that the threat actor has released certain MPS data on the dark web and is working with cybersecurity specialists to download the data securely for an in-depth and comprehensive review. The review will determine the full scope of what personal information was impacted and to whom the information relates. Medusa’s brief video preview of the stolen files showcased information on student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment, and sex offender notifications. Based on an examination of the file tree, the stolen records appear to be substantial, comprising over 172,000 individual records, including large backup files. The total size of the files is a staggering 157 terabytes, although it is uncertain how much of the data contains personally identifiable information or other sensitive details.