A threat actor selling personal data belonging to millions of US students after the cloud-based data firm Snowflake was hacked has lowered their $2 million bitcoin ransom demand to just $150,000, reports HackManac.
In a threat, issued early on Tuesday, the actor known as Sp1d3r said, “Warning to LASchools/Edgenuity: Pay in 7 days or we leaking student details.”
At this point, they said they wanted 30 bitcoins to not release the stolen information.
However, in an updated demand, posted barely a day later, the ransom amount had been dropped to just $150,000, which it appears they want to be paid in US dollars.
The stolen details include names, addresses, demographics, financials, medical information, performance scoring, discipline details, and parent and student login details. Students affected reportedly range from kindergarten to the 12th grade.
However, there appears to be some confusion over where exactly this information has been stolen from. In addition to the lower ransom amount, the second note switched out LASchools with LAUSD.net. Not only this but Edgenuity has flat out denied that any of its data was stolen.
An Edgenuity spokesperson told Protos, “Edgenuity is not aware of any data or information that has been stolen or leaked as a result of any hacking activity of LAUSD.”
“This has been confirmed by both LAUSD and Snowflake,” the spokesperson added.
Bloomberg reported that ransoms between $300,000 and $5 million have been demanded from 10 companies that rely on Snowflake’s infrastructure, including Ticketmaster, Advanced Auto Parts, and Santander.
Google’s Mandiant security has attributed Snowflake’s hacking to the group ‘UNC5537’ and is investigating its possible collaboration with ‘Scattered Spider.’
Spanish police arrested the alleged leader of the Scattered Spider group this week. Authorities say the 22-year-old British national is thought to have made roughly 391 bitcoins worth around $26 million, through cybercrime.
Read more: Crypto ransom group LockBit leaks stolen pharmacy staff data
Reports from Wired, however, indicate that Ticketmaster’s data was actually stolen by the hacking group ShinyHunters. The group previously hacked one of India’s biggest crypto exchanges, BuyUCoin.
A senior analyst at the security firm ReliaQuest told Wired over a week ago that it’s unsure if Sp1d3r is legitimate or not. He said, “The threat actor’s profile picture is taken from an article referencing the threat group Scattered Spider, although it is unclear whether this is to make an intentional association with the threat group.”
Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.
Update June 19, 17:08 UTC: Updated article to reflect the hacker’s new demands, the source of the data changing from LASchools.net to LAUSD.net, and Edgenuity’s claims that no data has been leaked through LAUSD and Snowflake.
Read More: Snowflake student data seller lowers $2M bitcoin ransom demand to $150K
Disclaimer:The information provided on this website does not constitute investment advice, financial advice, trading advice, or any other sort of advice and you should not treat any of the website’s content as such. coinzoop.com does not recommend that any cryptocurrency should be bought, sold, or held by you. Do conduct your own due diligence and consult your financial advisor before making any investment decisions.