
FBI Takes Control of Hacker Group Suspected of Targeting NPS

While it has yet to confirm Hive was the group that attacked Norman Public Schools' network in November 2022, the FBI has gained control of the group's operations and said the group has targeted over 1,500 victims worldwide.

(TNS) — The FBI has assumed control of operations run by a group of hackers that took credit for the ransomware attack of Norman Public Schools.

The group, known as Hive, has extorted more than $100 million from hospitals, schools and other organizations, according to multiple reports.

Ransomware is a type of malicious software that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.

In November, a representative of the malware organization contacted several media outlets by email and wrote: "Our organisation [sic] has breached and downloaded from Norman Public Schools network most important information with a total size over 311 GB."

Files downloaded, according to the email obtained by The Transcript, included contracts, nondisclosure agreements and other agreements; documents; private company information, including budgets, plans, evaluations, and school building floor and wire blueprints; employee information, including social security numbers, emails, addresses, phone numbers, photos, insurance information, payments; and student information, including social security numbers, emails, addresses, phone numbers, photos, insurance information, and payments.

Reached Friday, the FBI would not confirm Hive is the organization behind the NPS breach.

A school district spokesperson, however, said the district has been working in cooperation with the FBI to hold those involved accountable.

"We cooperated fully with the FBI during the investigation following the November 2022 malicious ransomware attack against Norman Public Schools," Chelsey Kraft said in a statement. "From the beginning, we assumed we were part of a much larger ransomware scheme targeting many others because that is the way cyber criminals operate."

NPS did not confirm whether Hive was behind the attack.

"The FBI has made no contact with us regarding this development and as a result, we have no updates," Kraft said. "We applaud the FBI's efforts to pursue these criminals and think groups like these should be prosecuted to the full extent of the law."

The FBI released an affidavit, which details the strategies Hive used to penetrate schools, hospitals and other organizations. It said that Hive has targeted more than 1,500 victims around the world.

Hive uses a subscription-based software model where developers or administrators create an easy-to-use interface so those recruited can hack into different organizations.

"Affiliates identify targets and deploy this readymade malicious software to attack victims and then earn a percentage of each successful ransom payment," the bureau reported in the affidavit.

After victims pay Hive hackers, the ransom is split 80-20 between Hive and its workers doing the hacking, the bureau reported.

NPS first reported a "malicious ransomware attack" Nov. 4 and warned families to discontinue using district-issued laptop computers and other devices.

The attack disabled a majority of school district operating systems, including Infinite Campus, Canvas and Seesaw, for about eight days.

Last month, NPS told families the personal information of certain staff and students was compromised by an unauthorized "actor" who gained access to some computer systems.

©2023 The Norman Transcript (Norman, Okla.). Distributed by Tribune Content Agency, LLC.