From a school system email:
PowerSchool has informed us that they have taken action with the hackers to ensure the unauthorized data was deleted without any further replication or dissemination. They do not anticipate any of the data being shared or made public and are working with cybersecurity experts and law enforcement to ensure ongoing data safety. PowerSchool indicated they will be providing credit monitoring to affected adults and identity protection services to affected minors in accordance with regulatory obligations.
What does this even mean? Did the hackers pinky swear or something?
They paid the ransom.
And they think hackers will honour their word?
They often do. If they didnt, people wouldnt pay the ransom.
I made a similar comment elsewhere. Are the hackers identifying themselves such that they have a reputation that means something? If so, how do we know they are the reputable hackers and not just using the name of the reputable hackers?
In blackmail cases, the scammers typically keep coming back for more and more money.
Reputable blackhat hackers often use an online portal where they show proof.
Lesser known ransomware gangs are definitely known to try and double dip though.
That’s why you should always check the reviews of any hacking organization before letting them hack you.
I had the same thought. What’s stopping a new party from riding the clout of a “reputable” hacker?
There is a whole ecosystem at work where hackers can trade tools, collaborate, announce successes and confirm they are behind a breach.
The ransomware system relies on the majority of actors following through on their part of the bargain or no one would ever pay a ransom.
There are many parallels to how the majority of real world piracy was conducted.