Snowflake Hacker Lowers Demands

Reading Time: 2 minutes
  • A cybercriminal has reduced their ransom demand from $2 million in Bitcoin to $150,000 for stolen US student data
  • The data was stolen from Snowflake, a cloud-based data firm
  • The threat actor Sp1d3r has issued a warning to LASchools and Edgenuity, demanding payment within seven days

A cybercriminal selling the personal data of millions of US students, stolen after a hack on the cloud-based data firm Snowflake, has drastically reduced their ransom demand. Initially set at $2 million in Bitcoin, the demand has been lowered to just $150,000, according to a report by HackManac. The threat actor, known as Sp1d3r, issued a warning on Tuesday to LASchools and Edgenuity, stating, “Warning to LASchools/Edgenuity: Pay in 7 days or we leaking student details.” 

30 BTC a Bit Too Greedy

Sp1d3r’s original demand following the hack was for 30 bitcoins in exchange for not releasing the stolen information. However, within a day, the ransom amount was revised to $150,000, payable in US dollars, with Sp1d3r seemingly realising that the demanded sum was too much.

The compromised data includes sensitive information such as names, addresses, demographics, financial details, medical records, performance scores, disciplinary records, and both parent and student login credentials. The affected students range from kindergarten through the 12th grade.

There is, however, confusion about the source of the stolen data. The second ransom note mentioned instead of LASchools, and Edgenuity has denied any data theft. An Edgenuity spokesperson told Protos, “Edgenuity is not aware of any data or information that has been stolen or leaked as a result of any hacking activity of LAUSD.” This statement has been corroborated by both LAUSD and Snowflake.

Bloomberg reported that ransoms ranging from $300,000 to $5 million have been demanded from 10 companies using Snowflake’s infrastructure. These companies include Ticketmaster, Advanced Auto Parts, and Santander. Google’s Mandiant security has linked the Snowflake breach to the cyber group ‘UNC5537’ and is investigating possible connections to ‘Scattered Spider.’