Twitter is failing to stop an account run by a ransomware gang from using its platform to distribute stolen information. Safe Not Scammed is not naming the gang or providing its account handle to avoid giving the criminals additional publicity.
The ransomware account has posted links to stolen files it claims are from Socrates Academy and Movement Schools, as well as leaking screenshots purportedly of negotiations with Citrus College about payment of a ransom.
According to an investigation by Queen City News, some of the data stolen and leaked by the ransomware gang includes “copies of checks, a list of parent email addresses, a list of students who were either held back or graduated to the next grade, PayPal payments, tax information, and more.”
Safe Not Scammed reported the ransomware account to Twitter on May 4th in an attempt to stop the distribution of stolen information. However, Twitter responded two days later saying the account “hasn’t broken our safety policies.”
Despite Twitter’s claim, the ransomware account clearly violates Twitter’s hacked materials policy. This policy prohibits tweets that contain or link to information obtained via hacking, noting, “we do not allow the people or groups directly associated with a hack to use Twitter to distribute hacked materials.”
As of the time of writing, the ransomware account and the links to stolen information are still accessible on Twitter.