RansomHub claims December 2024 ransomware attacks on two US school districts
![](https://cdn.comparitech.com/wp-content/uploads/2025/02/RansomHub-claims-December-2024-ransomware-attacks-on-two-US-school-districts.jpg)
Yesterday, RansomHub added two US school districts to its data leak site: Highland Park Independent School District, Texas, and Wayne-Westland Community Schools, Michigan. Both confirmed ransomware attacks in December 2024. RansomHub claims to have stolen 1 TB of data from Highland Park ISD and 4 TB of data from Wayne-Westland.
In both of its posts, RansomHub criticizes the school districts for inadequate cybersecurity measures, accusing them of having insecure passwords such as “123456” and “password.”
In the case of Highland Park Independent School District, a network outage caused by a ransomware attack was confirmed on December 2, 2024. The outage lasted a week.
![RansomHub-Highland Park ISD](https://cdn.comparitech.com/wp-content/uploads/2025/02/RansomHub-Highland-Park-ISD.jpg)
Wayne-Westland Community Schools also suffered its attack at the start of December 2024, but recovery work was ongoing throughout January. Key systems were being brought back online on January 9, and in its last update on January 23, the technology department had partially restored its external phone systems.
![Wayne-Westland Community Schools RansomHub](https://cdn.comparitech.com/wp-content/uploads/2025/02/Wayne-Westland-Community-Schools-RansomHub.jpg)
Neither school district has issued a data breach notification yet. However, following RansomHub’s claims, it’s likely there will be some confirmation in the coming weeks or months. In the meantime, we’d highly recommend that any students, parents, or employees in these districts remain alert for potential phishing messages while also monitoring accounts for unauthorized activity.
Who is RansomHub?
Toward the end of last year, RansomHub became the most dominant ransomware group based on the number of postings to its data leak site. Since February 2024, we have tracked 103 confirmed attacks via this group and 492 unconfirmed attacks.
Unfortunately, educational institutions aren’t unfamiliar with RansomHub. Last week, Crystal Lake Elementary District 47 started issuing data breach notifications to 14,207 people following an attack (also claimed by RansomHub) in October 2024. And Marietta City Schools was also hit by an attack in December 2024.
In fact, throughout 2024 we noted 13 confirmed attacks on schools, colleges, and universities globally via RansomHub.
So far this year, we’ve logged two confirmed attacks via this group (the South African Weather Service and the Swedish technology company SportAdmin) and 55 unconfirmed attacks.
RansomHub is a ransomware-as-a-service variant thought to have ties to Russia. It often follows a double-extortion technique, demanding a ransom for a decryption key to unlock the company’s systems and another for deleting all of the stolen data.
Ransomware attacks on US schools, colleges & universities
In 2024, we noted a significant dip in attacks on this sector, with just 69 confirmed attacks, almost half the figure noted in 2023 (123). However, we’ve already seen four confirmed attacks so far this year, and we are monitoring a further 15 unconfirmed attacks.
Harrison County Board of Education (SafePay), Addison Northwest School District (ThreeAM), the University of Oklahoma (Fog), and Jefferson School District 251 have also confirmed attacks this year. While no gangs have come forward to claim the attack on Jefferson School District 251 last week, classes were canceled as a result of the attack.
About Highland Park Independent School District
With its main office in Dallas, Texas, Highland Park ISD contains eight schools, employs over 800 people, and is home to around 6,300 students.
About Wayne-Westland Community Schools
Wayne-Westland Community Schools serves Wayne, Westland, Canton, Dearborn Heights, Inkster, and Romulus. The district has an early childhood center, 10 elementary schools, three middle schools, two high schools, an Innovative Academy, and a Career-Tech Center.