The data-extortion group Karakurt posted online Tuesday morning that it is "excited to present to you our new data leak — Davenport Community School." It goes on to claim a "giant massive array" of students' personal data can be found on its site.
However, a threat analyst for a global cybersecurity software firm, Emsisoft, said Tuesday that groups like Karakurt "don't actually want to release data as their negotiating position is weakened with each installment they publish."
Since last week, Karakurt has been threatening to leak data on Monday if the district did not meet its demands.
"It's really not possible to predict what will happen next or when," said Brett Callow, threat analyst. "It depends on whether Karakurt believes they may still be able to extract payment, whether the district does pay, whether Karakurt has as much data as they claim, etc."
According to Callow, the group has not followed through on the threat and has not yet released any installments of Davenport's data on its multiple platforms.
It is possible the group is simply baiting the district, or it also could be bluffing, he said.
District officials last week notified more than 6,000 students and staff members of the possibility their personal information, including Social Security numbers, drivers' license numbers and medical information, may have been stolen during the September cyber attack.
The Iowa Attorney General's Office also was informed last week by district officials that 6,409 people were notified their personal data may have been compromised in the breach.
District officials previously said they thought they had "thwarted" the attack.
Though asked last week about the timing of the notification to possible victims, given the threat was not disclosed until a month after it was discovered, district officials have not supplied a response.
Other questions were asked, including whether a ransom demand was made and how the district has been managing with lost access to email and phones, but district officials, again, have not yet responded.
Paul Rouse, president of Moline-based Rouse Consulting Group Inc., also said the hackers' next move is unpredictable.
"There's very much a marketplace for this type of information. Not always but oftentimes organizations or the 'bad guys' that end up stealing the data aren't necessarily the ones who actively use the data," Rouse said. "Many times, they become a broker and will sell the data on.
"There's a market price for various types of data that exists out on the dark web. The method it sounds like they're going after is pure exploitation or a kind of ransom."
And the hackers typically are experienced, Rouse said.
"This is a business for the vast majority of these groups. To simply release the data wouldn't be a smart business move, because it just inflicts harm to the school district at that point, as opposed to monetary gain," he said.
Some data-extortion groups don't have monetary motives and may aim to cause chaos or harm to individual targets or groups with whom the hackers do not philosophically agree.
"But the majority of them seem to have a business motive to it," Rouse said. "If they're going with that motivation, my guess is that they're trying to maximize their take. If they can get the school district to pay them a handsome sum, then great.
"If not, there's a marketplace for this information: Validated Social Security numbers, email addresses, cell phone numbers ... they all have a price tool to it. If they can get the school district to pay more than what the open market price is, they'd probably go that route."
©2022 Quad City Times, Davenport, Iowa. Distributed by Tribune Content Agency, LLC.