Cyber-extortionists pillage Colorado education dept

Data going back as far as nearly 20 years may have been stolen from the Colorado Department of Higher Education (CDHE) after ransomware extortionists breached the government body's IT systems. According to a security notice regarding the snafu, CDHE said it became aware of the intrusion on June 19 and believes the thief or …

  1. t245t

    The department has identified their ingress method

    The department also told us it has identified the gang responsible for the ransacking and their ingress method, but wouldn't share the details until its probe was complete.

    A phishing breach using a •·······• document containing an autorun macro that downloaded the rest of the payload.

    Once the investigation will be completed, CDHE will notify impacted by mail or email.

    Ye'wha ..

    “High Impact Security Standards: The following summarizes the recommneded [sic] security standards ..”

    1. ChoHag Silver badge

      Re: The department has identified their ingress method

      Was it telnet?

      1. CrazyOldCatMan Silver badge

        Re: The department has identified their ingress method

        Was it telnet?

        Yeah - port 25:


        MAIL FROM:

        RCPT TO:[some mugs address]


        [Various phishing content]


  2. Doctor Syntax Silver badge

    the US state's officials said they are "reviewing our policies and procedures and are working to implement additional cybersecurity security safeguards to further protect our systems,"

    I suppose there wasn't budget to have done this on a regular basis previously. And maybe not to do it more than this one time in the future.

  3. Kevin McMurtrie Silver badge

    Demanding money from a US school?

    It's clearly a foreign attack if the crims think they're getting more than 2 hours of bake sale profits.

    1. pdh

      Re: Demanding money from a US school?

      Schools may not have unlimited funds, but they generally have insurance. A couple of years ago there was a ransomware attack against a school district near where I live (in the US). The district's insurance company paid over $50,000 "to settle the matter." Local news said the school district had to pay a deductible (something like $20,000) and the insurance company paid the rest.

      No word in local media as to how much the district's insurance premium increased the following year...

  4. WolfFan Silver badge

    Fun times here

    I’m in Deepest South Florida. Locally, a city (Riviera Beach) and a major company (Publix Supermarkets) have been hit recently. Attempts were made on the Catholic archdiocese, the county school district, and the state college. (The archdiocese had imported a graduate of the Indian Institutes of Technology, who also happened to be from Goa… and was an ordained priest. The attack didn’t get far. The school district borrowed him, just in time to detect an ongoing attack and to kill it. The state college is massively paranoid; over the summer they have shut everything down twice over different weekends, to ‘improve security’, and now that school is out until the last week of August, everything is going to be again locked down starting this Friday for a week to ten days, it has to be back up again come the 21st.)

    I’m sure that there’s more, these are just the incidents that I know of for certain.
