Cyber Incident Victim: Broward County Public Schools
Date: Mar 2021
Location: United States of America
Summary
Broward County Public Schools experienced a ransomware attack by the Conti group, which encrypted servers and exfiltrated over 1 TB of sensitive data including student and employee personal information, contracts, and financial records. The attackers initially demanded $40 million in ransom, citing the district’s revenue, but later reduced demands to $15 million and then $10 million, falsely claiming the district had transferred funds to a recovery company. The district denied these claims and countered with a $500,000 offer, emphasizing its status as a publicly funded institution with limited resources. Negotiations collapsed, leading Conti to leak chat logs detailing the exchange, though no confirmed data release occurred at the time of reporting.
Description
In early March 2021, Broward County Public Schools experienced a ransomware attack attributed to the Conti cybercriminal group. The attackers encrypted the district’s servers and exfiltrated over 1 terabyte of sensitive data, including personal information of students and employees, contracts, and financial records. Conti initiated ransom negotiations by demanding $40 million, justifying the amount by citing the district’s publicly reported annual revenue exceeding $4 billion. Broward representatives engaged in chat-based negotiations, emphasizing their status as a publicly funded institution incapable of meeting such demands. Conti countered by offering a reduced ransom of $15 million if paid within 24 hours, which the district rejected as unfeasible. The attackers persisted, accusing Broward of operating through a third-party recovery firm and alleging a $10 million wire transfer had been authorized for ransom payment. District officials denied hiring any external recovery company or authorizing such payments.

Negotiations continued with Broward maintaining its inability to pay exorbitant sums, ultimately offering $500,000 as a compromise. Conti dismissed this proposal and terminated communications, subsequently leaking the chat logs to pressure the district. The leaked logs revealed Conti’s threats to release stolen data and damage the district’s reputation unless paid. Broward’s public statements focused on clarifying its financial constraints as a government entity and refuting claims of third-party involvement in negotiations. The incident exposed vulnerabilities in the district’s network security and raised concerns over the potential misuse of exfiltrated personal data. Conti’s failure to secure payment led to an unresolved standoff, with no confirmed data leaks reported at the time of the article’s publication on March 27, 2021. The district faced operational disruptions from encrypted systems but did not disclose specific recovery timelines or costs incurred.
