The Minneapolis Public Schools (MPS) district is currently facing an extortion attempt. It is from the Medusa ransomware gang. They are demanding a $1 million ransom to delete data that was allegedly stolen in a ransomware attack. The threat actors have listed MPS as a victim of its Tor data leak site. They are threatening to publish all data they claim to have stolen from the public school district. The deadline date given is by March 17, 2023.

Medusa Ransomware Gang

The Medusa ransomware gang is a relatively new group. It came to light in 2021. It saw a significant spike in malicious activity in 2023. This group is different from the MedusaLocker ransomware group.

The unusual method of providing proof

This extortion attempt stands out because the threat actors created a video showing all of the data allegedly stolen. This rather unusual and bold method provides proof of access to the victim’s systems. It has the potential to reach a large audience compared to the standard practice of hosting screenshots on Tor sites. The video is approximately 51 minutes long and is the first time this tactic has been used publicly.

Minneapolis Public School’s response to Medusa Ransomware Gang attack

The Minneapolis Public School district has announced that it will not be paying the $1 million ransom demand. It will instead restore the data encrypted by the ransomware actors using internal backups. MPS has also stated that its investigation has so far not yielded evidence of unauthorized access. It has not found any evidence that any data accessed has been used to commit fraud.

However, considering that a week has passed since the announcement and Medusa has now publicly delivered its threat to leak sensitive data, MPS might provide an update on potentially stolen data soon. MPS has warned its students and over 4,500 teachers and staff about the elevated risk of phishing attacks and scamming attempts against them due to this breach.

To summarize

The Minneapolis Public Schools district is currently facing an extortion attempt from the Medusa ransomware gang, who are demanding a $1 million ransom to delete data that was allegedly stolen in a ransomware attack. MPS has announced that it will not be paying the ransom demand and will instead restore the data encrypted by the ransomware actors using internal backups. MPS has also warned its students and staff about the elevated risk of phishing attacks and scamming attempts due to this breach.