A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack.
A laptop displays a message after being infected by a ransomware as part of a worldwide cyberattack. - 
Listen To The Story
Marketplace

An entire school district in Flathead Valley, Montana, shut down for days after hackers targeted several schools, sending death threats to students and staff, and threatening to release sensitive personal information unless a ransom was paid in the online currency bitcoin. More than 30 schools and a community college closed for three days, affecting over 17,500 students.

For Superintendent Steve Bradshaw, it all started with a text message from an unknown number.

"I got a very threatening message," said Bradshaw, head of schools in Columbia Falls, Montana. "It said something to the effect that I wasn't going to see him coming and that I would pay. It was fairly threatening."

And that was just the beginning. Soon, threatening text messages spread across the Flathead Valley to school staff, parents and students. Messages with explicit threats to students.

"That they were going to splatter the blood of our children all over the hallways and things like that," Bradshaw said. "Fairly, fairly dark messages." At that point, Bradshaw and other school officials in the area made a decision: Close the schools.

And as threatening messages continued to spread, people in the rural Montana area had two questions on their mind: Who is this? And why are they doing it?

"It had me bothered enough that I actually had my shotgun in the bedroom," Bradshaw said. "I've never done that before."

School was then cancelled for a total of three days. Activities were cancelled over the weekend. And over at the local paper, things were in a flurry.

The suspects

"As a reporter, I was investigating and reporting on this, too," said Dillon Tabish, a reporter for the local Flathead Beacon newspaper. "And we actually got contacted by the suspects." Tabish began an electronic message interview with the suspects. "And kind of unfortunately got to see the kind of gruesome stuff that they were saying," Tabish said.

From the Flathead Beacon:

The individual said on multiple occasions in various ways that he or she intended to kill people in large numbers. The suspect said they were heavily armed with “extensive training.”

“If you know anything about military weapons … it should scare your region,” the person said.

When asked again why he or she was targeting the Flathead Valley, they responded that they wanted to scare people and harm as many people as possible.

“I wanted the public to exist in a state of fear before I make my move. This will allow the government protecting your children to look poorly in the light of the public,” the suspect said.

The individual later elaborated, “The quaint, small, backwoods region of the US like yours is prime hunting grounds. This incident is the last thing you will expect to happen here.”

Soon, authorities linked the source of the threats to an overseas hacking organization that identifies itself as TheDarkOverlord Solutions. Authorities tied that group to high-profile hacking incidents, including a breach of Netflix.

The group sent a ransom letter to members of the Columbia Falls school board and superintendent, demanding payment in bitcoin. Otherwise, they threatened to release sensitive personal information hacked from school servers.

In the letter, the group laid out three ways the district could pay the bitcoin ransom: in one lump sum at a certain rate over a year, or at lesser rate over six months if a school staff member agreed to "write us a five-page essay about his personal experience and emotions throughout this ordeal."

Why target a school?

The Montana school district didn't pay the ransom. The FBI and other law enforcement continue to investigate that case. The district is beefing up its cybersecurity. And, after three days, classes resumed at schools across the Flathead Valley.

But they're not alone. Schools in Texas, Iowa and Alabama also say they have been hacked by The DarkOverlordSolutions.

Which raises the question: Why target a school?

"They just sit on a wealth of information," said Michael Kaiser, executive director at National Cyber Security Alliance. "If you think of what a school has about the students, the parents, the teachers. It's an incredible amount of data which is incredibly valuable to cyber criminals."

And beyond that, cash-strapped schools might not have the best resources to protect that data.

"I think, you know, there's also a mistake that sometimes schools may make, which is they think, 'Oh, well, why would I be a target?' " Kaiser said. "And I think they have to understand that they're not always being targeted directly."

Often hackers send out wide phishing scams. All it may take is for someone to click on a link.

"Sometimes people think, 'Oh, I'm not going to be targeted' but they need to understand they're not always targeted," Kaiser said. "Sometimes they're just being swept up."

To listen to the full story, tune in using the audio player above.

Follow Peter Balonon-Rosen at @pbalonon_rosen