I don't know if you've ever wanted to read a real ransom note that was used after a hack. If you have, here's one from a notorious hacking crew. It's pretty long, and one of the crew's members has gotten busted recently (https://www.bleepingcomputer.com/news/security/suspected-member-of-thedarkoverlord-hacking-group-arrested-in-serbia/):
"Dear XXXXX & Board of Trustees of Columbia Falls SD6,
Sidney Hook (appears a bit like Sandy Hook), a well learned American Philosopher once said "everyone who remembers his own education remembers teachers, not methods and techniques. The teacher is the heart of the educational system." We couldn't agree any more, but we did feel Sidney Hook left out some key players. You ladies and gentlemen. Due to the perspiration and blood of hard working people like you yourselves, teachers have a place to teach and young promising minds have a place to learn.
Do you know what it means to exhibit great strength, Columbia Falls? We are all about to find out, as you will soon see. What you choose to happen next will define your district for years to come and we can assure you of that for you have been graced with our presence. You should be thankful we are giving you a choice in this matter. Rarely do educational institutions such as your own and people such as yourselves receive an opportunity like this. More on that later.
We know who you are, Columbia Falls. We know everything about your operation. We know everything about your schools and the children in them. Your nursery children, your primary children, and your secondary children. We know who the problem children are, who the honour performing children are, and even who many of the parents are. We have educated ourselves and made ourselves aware of your entire lives. Today, we're invading your lives and offices in the form of a letter filled with verbose, condescending, and abusive language. Yikes, right?
We are sure that by now you are wondering who this internet stranger is. We are thedarkoverlord and it's a pleasure to finally be speaking directly with you, Columbia Falls, under our real identity. (You may remember us as that pesky telephone number of XXXXXXXXXX). If you receive a message from us, it means you have been completely and thoroughly attacked and breached by an organised entity of creatures who are motivated only by their love for internet money and are responsible for some of the most serious breaches and security violation incidents in the last year. We are savage creatures who do not discriminate. We prefer to prey upon the likes of institutions such as your own, but not because we have anything against children, but rather for much more interesting reasons which you will soon come to understand.
The team over here at TheDarkOverlord Solutions strives to achieve our mission of creating long-lasting, profitable, and satisfying relationships with all of our clients (we are hoping you are one of them soon). We are honourable creatures and stand strong with heart and love for a solid win-win business arrangement. The wonderful team over here at TheDarkOverlord Solutions can be your best friend if you cooperate with us. We encourage you to open your internet browsers and search us up on the internet. You'll find quite a bit, but it will only be the tip of the iceberg of our portfolio as most of our clients cooperate and don't suffer the consequences of not doing so, unlike some of the entities names you will find. Do you have a Netflix subscription, perchance? Our name is synonymous with being "bent over a barrel" and we've done just this to you. Special Agents with the FBI have even said we have a particularly "pervasive nature" about how we handle our new friends.
You may be thinking to yourselves right now, "Hey, this sounds like the start of an extortion letter and I should call the Federal Bureau of Investigation immediately and let them know about this cyber-attack on our district!". You can call the Federal Bureau of Investigation if you would like. We'd prefer you don't, but hey, it's your choice. It does not impede what we will guarantee will happen to you if you don't cooperate with us. If you call the Federal Bureau of Investigation they will advise you not to cooperate with us. They will advise you not to respond to us or satisfy our demands and we promise you this would be a most grave mistake. We always encourage our new clients to comply with us or we will end up costing your operations great financial losses and your personal lives will be left forever affected by our levied punishment. You do not want this loss, do you? We understand the FBI and others are already working on this case, but there's no reason to involve them in this specific negotiation.
So, what have we done exactly? That's a great question, Columbia Falls. You're already aware by now of a lot of what we've done. Shut down multiple districts and over thirty different sites. More on that later. We have successfully attacked and breached your district's internal and "secure" infrastructure and we proceeded to pillage your computer network of very valuable data and information, among other things. Let's just keep everything about this event between us, okay?
Let's have a bit of fun with this presentation of some of what we heisted from you.
[Personal private information of students and examples of data redacted]
Heroes are willing to take risks. One example is a couple weeks ago there was a school shooting in Connecticut. As I watched the news that night I saw the firemen and policemen running into the school. They were willing to risk their lives by going into a building with a madman with a gun." There's another Sandy Hook reference. The possibility of something happening like this has had your little corner of the world quite stirred up, lately.
We could go on and on about the student's material, but frankly, it hurts our eyes to read. Bloody rubbish. It's a shame we don't offer writing lessons as your students could certainly use them. A quick trip over to your secondary school's domain controller, XXXXXXX, gave us a slew of great reads. Especially from your counselor and social worker. XXXXXXX in particular had some great reads about various students at the school. Some real work, these kids are. We could go on and on.
[Personal private information of students and examples of data redacted]
As we stated before, we could go on and on, but we're sure you get the point. Notes from the Student Assistance Program are gold as well. Don't even get us started on the thousands of emails we've collected from various faculty and all of these IEP and 405 reports. However, we have one final tidbit of juice for you all to digest, one of the initial reports sent out by XXXXXXX.
[Description of report redacted]
"Fine", you may be saying, "they have all of our data. So what do we do now and where does this all lead to?" We have prepared several complete and clearly written win-win business proposition opportunities for your review. Columbia Falls, you will accord and satisfy one of our win-win business propositions, otherwise we will wreak havoc upon your district and your personal lives. If our letter and proposals go ignored, rejected, or otherwise discorded and unsatisfied, we will become the cause of an immense and unfathomable amount of financial and reputational harm to your enterprise. We can go to the public with much of what we have. We can with great ease, put everything we have retrieved, from your district, on full display and cause you a tremendous amount of public embarrassment and humiliation. What does that mean, you ask? Imagine if we published all of your sensitive behavioural reports from your counselors and social workers on the open internet. Imagine if we published student grades and even the shoddy student work. How about nurse reports and private health information? What would the parents have to say about this? What sort of lawsuits would they begin? What would happen if everyone found out the reason we closed down multiple districts and over thirty sites is due to your failure to secure your networks? Now, you may wonder if the parents would side with you when you publish media about how you're the victim and we're the baddy cyber-terrorists, but the truth of the matter is when these same parents are seeing their precious children's PII, school grades, mental health reports, behavioural discipline measures, and other extremely sensitive information being published online for all to see, how do you believe they will react? How would the parents feel knowing all their fear and anxiety was caused by your own shortcomings? What if we went to the media with more information? Now, we don't want to do this.
In fact, we just want to keep this quiet between us. We are completely willing to keep our mouths shut and ensure complete non-disclosure of the security violation that has occurred and make sure none of this data and information ever sees the light of day, as long as we are accorded and satisfied. Your district and our name in the same headline would be terrible for you all and we're certain you agree with that. We almost forgot. Could you imagine the parent's reactions when they find out their child's take-home laptops were used to survey their private lives through webcams and microphones? Yikes is right.
And finally, onto the most exciting event in the last few days in more detail: the massive cluster-fuck of LEAs and LEOs on the search for some anonymous lone-wolf threat actor of poor mental health. We had an absolute riot. It was absolutely brilliant how we orchestrated that entire situation from the beginning. We learned through previous dealings with other educational institutions that the most efficient way to have you understand and accept one of our offers was to really sell you hard. To sell you so hard you're bending to our will without realising it. That entire incident is only a mere taste of what could come. The national headlines linking that event with us would devastate you all. Absolutely destroy you professionally and personally. We decided to bring other districts into the show to increase the liability of your own district. Quite brilliant, eh? Consider that carefully. Through bringing these other districts aboard we have opened bigger floodgates for civil action than if it was merely your own district. If you do end up discussing this with the LEAs involved, one or two of them may be aware of some of our other similar approaches to educational institutions. To this day the connection to those events is not public, because again, we're creatures of our word and honour.
If you don't do what we propose, we can and will cause you a lot of financial and reputational damage. We are prepared to contact every single one of your students and their parents and share with them this entire experience and ordeal in order to help them understand and become aware of your shortcomings and that you are responsible for their suffering, unless you comply with us. We can thoroughly assure you that it will be far less expensive to agree to one of our win-win proposed arrangements than what it will cost you to let this once-in-a-lifetime opportunity slip away. We are well trained in the fine art of catalysing chaos and bringing total war to your front door steps and if you have researched us, you already know this. In fact, in your particular case you don't even need to research us to know that. Look at what we've already done and now imagine it getting even worse! Mark our words, SD6. Make the right choice.
If you decide to not entertain us and agree to one of our win-win business propositions, we will escalate our use of force in a tiered process that will involve an ever increasing level of damage and harm for you. At each level of escalation, we will remind you of how the current level of punishment could have been avoided. Out of the interest of fairness and transparency we took the time out of our operations to fully disclose to you, the results of any lack of compliance as we do not wish to surprise you with something unexpected (we know, this sounds comical, right?). We prefer to put all of our cards out on the table in hopes that you understand that it's best to grow with us and not away from us. Come and grow together with us and let's see what we can achieve together!
You must be asking yourselves what the business angle is here. Great question! Being the kind creatures that we are, we will be sure to leave you with varying options of profitable proposals in a show of good faith. We don't want to paint you into a corner with something you don't want. We're proposing a discreet, exclusive, and very profitable proposition for you. We have a few requirements that you will be required to satisfy in order to stay in our good graces, but don't worry, they won't be too difficult.
The first requirement is that you respond to our communications within twenty-four hours of receiving them, and believe us when we say that we will be keeping track of the time. There is but a single exception to this time response requirement and that is the first time we contact you, which is now. We will allow you a time no greater than forty-eight hours to respond to us this time. There's only one catch to this requirement. Upon receipt and initial read-through of our letter, we want someone of authority (one of you) to respond to our letter stating only that you have successfully received it even though it will not have been forty-eight hours yet. We want to make sure you receive it without issue as it would be unfair to punish you for something that would not be your fault. Glitches happen, right? Again, this is in a show of good faith. We strongly value the timely settlement of our affairs with all of our clients. If you fail to follow this requirement of a twenty-four hour response after receiving a communication from us, we will lower the allotted time to no more than sixteen hours and we may consider levying a greater punishment.
The second requirement is that you maintain an amicable and cooperative attitude towards us. We aren't saying you have to like us or be our friends or even accept one of our propositions. We are just saying that we will treat you how you treat us. Be nice to us, because we are being very gracious with you. If you fail to follow this requirement of treating us the way you would want to be treated, we will remember this, and well, you won't like the result.
The third and final requirement is of course where the real exciting stuff happens. Yes, it's a financial requirement as you already guessed. It's always about money, isn't it? So how much money and what terms do we want it on? Great question! In this case it's all about internet money, though. We are offering you, our special client, three business proposals that will satisfy us and make sure you are elevated to a more preferable position than you are now. What are these three proposed options you ask? Keep reading!
Option one is a straight forward, no frills, payment plan - We are proposing that you have one calendar year to satisfy this arrangement between us. This proposal breaks down as follows: You, our client, accord and satisfy a complete transfer of 150.000 USD of Bitcoins (BTC) over a twelve calendar month period of time with your first transfer to be a twenty percent down-payment transfer of 30.000 USD of BTC to be made by the date and time of 2017-10-20 23:59 UTC. Follow-up transfers of 10.000 USD of BTC will be made by the end of each calendar month for the next twelve months, in order to accord and satisfy this proposed option. A primary benefit of this arrangement is that you know we want the Bitcoins and we will not be motivated to go ill on our arrangement because we'll be motivated to hold out for a year. While we're providing you a guarantee we won't go ill on our word, we realise this option may appear attractive due to your prejudice against us.
However, if you agree to have XXXXXXXX write us a five page essay about his personal experience and emotions throughout this ordeal from beginning to end, a personally written and delivered apology letter for disregarding our request to communicate with him and further explaining why it took him so long to communicate with us (as it was just plain rude to ignore us for so long, really), and also vouch for our good name to future clients, we will propose a second offer of discounting our first proposal by thirty-three percent for a grand total transfer of 100.000 USD of Bitcoins (BTC) instead of transferring a total of 150.000 USD of Bitcoins (BTC). You will be required to make a thirty-five percent down-payment transfer of 35.000 USD of BTC by the date and time of 2017-10-20 23:59 UTC. We will then allow you to transfer us approximately 11.000 USD of BTC by the end of each calendar month for the next six calendar months, in order to accord and satisfy this proposed option.
The third and final optional proposal is a simple and easy satisfaction arrangement - If you decide you want to satisfy our business agreement in a timely manner, we will propose a significant discount that we can all get behind. All that must be done to satisfy this third proposed option is to satisfy a grand total transfer of 75.000 USD of Bitcoins (BTC) by the date and time of 2017-10-20 23:59 UTC. After we perform and uphold the services described in our proposed contracts, you can be sure that we will be out of your hair in no time at all. Although, we may have to ask you for some holiday hot-spot recommendations to check out. We hear this time of year is great in many Northern Hemisphere locations but we're too busy to check up on quality reviews.
If you choose one of the proposed options above, we agree that we will securely destroy all of the data and information that we retrieved from you and we will make sure that all of this falls through the cracks and becomes forever lost in the darkness below, to not be brought up ever again (we need the storage space anyway, to have the room for our future activities - which don't involve your school district, provided that one of our proposed options is agreed to and satisfied by the terms of the corresponding contract). We may even be willing to amend the terms of accord and satisfaction in the terms of compensation and time frames, if you ask nicely and if we are entertaining a satisfied existence at that moment in time.
If you do end up speaking to the FBI about our previous work, you'll know we've had many entities provide us compensation in exchange for our services. An outstanding majority of those arrangements have gone by without error. Admittedly, there were several problem clients who breached the contracts, but we're running on an outstanding track record. You'll no doubt read about Larson Studios, but we can assure you they were in gross breach of our contract. Follow the terms carefully and you'll be fine.
Another point of needed articulation is that you'll need to suss out that we're handling clients a bit differently these days. We used to be quite lax about time frames and a general lack of following our instructions and disrespect. We here at TheDarkOverlord Solutions have now implemented several policy changes which include a no-tolerance article. This means we will not tolerate any new client being more than a minute late or a coin short of any of our proposed terms. Again, if you speak with the relevant LEAs they'll discuss how we've been a bit lax in the past. We're quite simply not fucking around.
We've taken the liberty to attach a couple proposed contracts that are preconfigured for options one and options three. As you review our proposed agreements you will understand more clearly what the proposed arrangements are and what we are offering to all the parties involved. You'll have until 2017-09-23 23:59 UTC to execute one of our proposed contracts. This means once you decide to start communicating with us, we will all need to work quickly. Additionally, if you would prefer option two, we will happily draft a contract that describes those terms for your review and approval. If you wish to make suggestions, revisions, or have comments about these contracts, we ask that you get in contact with us as soon as possible and let us know what they are so that we may forward them to our legal department so they may promptly begin arranging for you to be our happiest client yet. As long as we can finalise the draft of your preferred contract before the aforementioned date and time of 2017-09-23 23:59 UTC, we are more than willing to work with you on this matter.
We've taken the liberty to attach a download link of a small submission of a few documents, chosen at random from our pile of loot, that will help you to verify that what we have claimed above is the truth. We would like you to understand that we have taken quite a lot of data and information from your entire district. As it stands at this time, you are in between a rock and a hard place and bent well over a barrel, but don't fear for we are here to help you succeed and lift you from this mess.
If you have any comments, questions or concerns about anything from this message, the technical aspects of Bitcoin, or anything that has happened, you may ask us or refer to your IT department as they will likely have some input and answers as well. We suggest to keep this between you and your IT department as it is in everyone's best interest (not a threat). Discretion is very important to all of us. This is why we've decided only to contact the top tier administration level of your district. Again, any LEA or other third party who has investigated our incidents and dealings can verify this point.
We desire to build a healthy and long-term relationship with you and we would like to start now. We value a strong dialogue and effective communication. Remember Columbia Falls SD6, you have forty-eight hours from the receipt of this message to open a dialogue with us before you force us to escalate this situation to the terms we have mentioned before. We really want to settle this amicably and timely. Oh, but don't forget to send us a received confirmation receipt to avoid any misunderstandings."