Ransomware gang claims responsibility for cyber attack on Ohio school district that cancelled classes
Ransomware gang BlackSuit today claimed responsibility for an October 2024 cyber attack on Marysville Schools in Ohio. The gang says it stole 121 GB of data from the school district.
Marysville Schools has not verified BlackSuit’s claim, but on October 26, 2024, the district announced it was the victim of a ransomware attack. Classes were canceled due to the resulting IT outage.
Marysville Schools hasn’t disclosed what student or staff personal information was stolen but ensured families that the district does not collect Social Security members, payment info, or student driver’s license numbers.
We don’t yet know whether Marysville Schools did or will pay a ransom, how much BlackSuit demanded, or how attackers breached the district’s network. Comparitech contacted Marysville Schools for comment and will update this article if it responds.
The district’s FAQ on the incident states, “On October 26, 2024, MEVSD detected unusual activity on our network and determined that we were the victim of a ransomware attack. We immediately initiated our incident response plan to include notifying state and federal law enforcement and contacting a team of cybersecurity specialists to help us respond to the incident.”
Who is BlackSuit?
BlackSuit first emerged in April 2023, and has a history of attacking critical industries like healthcare, government, and education. It’s a private operation and doesn’t employ a ransomware-as-a-service business model. BlackSuit often extorts victims twice: once for the decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data.
Since it first surfaced, BlackSuit claimed 52 confirmed ransomware attacks affecting 2.3 million records. Its other targets in the education sector include the Charles Darwin School and Select Education Group.
BlackSuit claimed another 101 attacks that haven’t been confirmed by targets, seven of which were in the education.
Ransomware attacks on US education
Ransomware attacks can both steal data and lock down a school’s computer systems. The school must then pay a ransom for a key to unlock the computer systems and for the attacker to not sell or publish the stolen data.
Ransomware can disrupt systems used for assignments, grades, communications with teachers and staff, billing, payroll, and more. Schools often have to resort to pen and paper until systems are restored, and some even cancel classes in the wake of ransomware attacks. If a school refuses to pay, restoration can take weeks or even months, and students and staff whose data was compromised are put at greater risk of identity theft.
Comparitech researchers logged 52 confirmed ransomware attacks on schools, universities, and other educational institutions so far in 2024, affecting nearly 250,000 records. The average ransom is just under $500,000.
Last month, ransomware gang Interlock claimed responsibility for an attack that shut down Winnebago Public Schools in Nebraska.
We tracked another 61 attacks in education that were claimed by ransomware gangs but not acknowledged by schools.
About Marysville Schools
The Marysville Exempted Village School District (MEVSD), also known as Marysville Schools, is located about 20 miles northwest of Columbus, Ohio. It enrolls a total of 5,600 students across five elementary schools, one intermediate school, one middle school, one high school, and one STEM early college high school. The district employs 300 teachers and 200 support staff.
Source link