Snowflake student data seller lowers $2M bitcoin ransom demand to $150K

A threat actor selling personal data belonging to millions of US students after the cloud-based data firm Snowflake was hacked has lowered their $2 million bitcoin ransom demand to just $150,000, reports HackManac.

In a threat issued early on Tuesday, the actor known as Sp1d3r said, “Warning to LASchools/Edgenuity: Pay in 7 days or we leaking student details.”

At this point, they said they wanted 30 bitcoins to not release the stolen information.

However, in an updated demand, posted barely a day later, the ransom amount had been dropped to just $150,000, which it appears they want to be paid in US dollars.

The stolen details include names, addresses, demographics, financials, medical information, performance scoring, discipline details, and parent and student login details. Students affected reportedly range from kindergarten to the 12th grade.


However, there appears to be some confusion over where exactly this information has been stolen from. In addition to the lower ransom amount, the second note switched out LASchools with LAUSD.net. Not only this, but Edgenuity has flat-out denied that any of its data was stolen.

An Edgenuity spokesperson told Protos, “Edgenuity is not aware of any data or information that has been stolen or leaked as a result of any hacking activity of LAUSD.” 

“This has been confirmed by both LAUSD and Snowflake,” the spokesperson added.

Bloomberg reported that ransoms between $300,000 and $5 million have been demanded from 10 companies that rely on Snowflake’s infrastructure, including Ticketmaster, Advanced Auto Parts, and Santander. 

Google’s Mandiant security has attributed Snowflake’s hacking to the group ‘UNC5537’ and is investigating its possible collaboration with ‘Scattered Spider.’

Spanish police arrested the alleged leader of the Scattered Spider group this week. Authorities say the 22-year-old British national is thought to have made roughly 391 bitcoins, worth around $26 million, through cybercrime.


Reports from Wired, however, indicate that Ticketmaster’s data was actually stolen by the hacking group ShinyHunters. The group previously hacked one of India’s biggest crypto exchanges, BuyUCoin.

A senior analyst at the security firm ReliaQuest told Wired over a week ago that it’s unsure if Sp1d3r is legitimate or not. He said, “The threat actor’s profile picture is taken from an article referencing the threat group Scattered Spider, although it is unclear whether this is to make an intentional association with the threat group.”


Update June 19, 17:08 UTC: Updated article to reflect the hacker’s new demands, the source of the data changing from LASchools.net to LAUSD.net, and Edgenuity’s claims that no data has been leaked through LAUSD and Snowflake.