Hackers Demanded $1 Million In Ransom From Pennsylvania Private School

Media Division | December 18, 2014

Cyber criminals demanded $1 million from Pine Forge Academy in Berks County, Pennsylvania. Nicole Falconer, the rural boarding school’s principal, received an anonymous email on December 16th saying that hackers would attack the school’s network and other property upon failure to pay the funds. This is the first known cyber threat to a Seventh-day Adventist educational institute.

We have no information about why this monetary ransom was made,” stated Falconer in a statement. “The school authorities are cooperating with police authorities as they investigate this matter and will keep us posted on any further developments.”

The police have opened an investigation upon notice.

The email also revealed that unspecified academy alumni made a $900,000 offer to carry out the cyber attack and the hackers would not resume the attack if the school paid $1 million. The hackers said that they have successfully attacked 57 other institutions and were working for ‘Heart of the People’. Falconer reported the threat to the police immediately.

“The authorities reviewed the message, circulated the premises, and determined the facility to be safe, and advised the school to remain diligent in all safety protocols and procedures,” said a statement on the school’s official site. “Parents received alerts regarding police visitation.”

The Pennsylvania State Police has a cyber crime unit, and more police forces are dedicating resources to cyber investigations because they acknowledge that is the new forefront where crime is happening.

The Adventist Church’s top educational official for North America, Larry Blackmer, said he would notify other church educational institutes and leaders about Valley Forge Academy’s situation.

State police have begun the investigation, and once the source of the threat is detected, the persons or person will face a series of serious charges. They advised the school to follow all safety procedures and protocols.

The rise of cyber crime against educational institutes

Educational institutes have been a rising target for cyber criminals this year. The Identity Theft Resource Center reported 56 percent online security breaches at US public and private educational institutions.

The number of cyber attacks on these institutions will only grow in 2015. Educational institutes are particularly vulnerable because university and college computer networks have historically been as open as their campuses, in contrast to other targets like financial institutions.

To safeguard against hacking attempts, educational institutions should put cyber security top-of-mind. The following defenses can significantly help:

Anti-phishing solutions: Those sneaky emails announcing the staff has won some exotic prize or their action damaged the educational institute’s repute can be a gateway for cyber criminals. They’ll ask you to click on a link/attachment, which redirects to a malicious site. They’ll craft a communication that looks so legit that you’ll actually click. Massive’s anti-phishing solution can help institutes neutralize the target/adversary, and later shut down and expose the source.
Strong passwords and updated antivirus: One of the best defenses education institutes can deploy is changing passwords to the sensitive networks, and installing the latest anti-malware/ anti-virus solution on sensitive computer systems in ultrasecure research facilities. Multi-factor authentication should be used wherever possible.
Awareness programs: Make internal awareness programs role-based. The standards should include controls for staff, faculty, and students, and they should go beyond strong password practices. A program could focus on recognizing malware and spear phishing attempts, while keeping policies around your learning management system.

Implementing a program that includes these measures is the best way to protect your educational institution.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.