Ransomware gang REvil is thought to be responsible for the recent cyber attack on London-based multi-academy trust Harris Federation, which led to 37,000 students being locked out of their emails and coursework.
The trust, which manages 48 primary and secondary academies in and around London, fell victim to a ransomware attack on 27th March which saw hackers gain access to its IT systems. The “highly-sophisticated attack” forced the schools to take precautionary measures of temporarily disabling its email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.
Following initial investigations, it now appears that the REvil group is in possession of the trust’s personal information, including financial records, and has made these available on the dark web. REvil is considered to be one of the most prolific ransomware gangs in operation today, recently claiming to have made more than $100 million in one year from extorting large businesses.
Emsisoft threat analyst Brett Callow found that “screenshots of multiple financial documents” belonging to the Harris Federation had been posted to “Happy Blog”, a dark web site belonging to REvil, suggesting the gang was behind the 27th March attack.
RELATED RESOURCE
The business guide to ransomware
Everything you need to know to keep your company afloat
“At present, students’ personal information has not been posted,” Callow told IT Pro.
The Harris Federation has yet to respond to IT Pro’s request for comment. However, the trust has previously said that it is cooperating “as appropriate” with the Information Commissioner’s Office (ICO), as well as “using the services of a specialised firm of cyber technology consultants” and “working closely with the National Crime Agency and the National Cyber Security Centre”.
It also stated that it is “at least the fourth multi-academy trust to have been targeted in March” by hackers. In the last few weeks, cyber criminals had also targeted multiple higher education institutions, including the University of Northampton, as well as Oxford University’s Division of Structural Biology.
In the US, students of Tilton elementary school in Haverhill, Massachusetts, who were scheduled to finally go back to full in-person learning, found out on Thursday that their return had been postponed due to the district's computer system being hit in a ransomware attack.
The high-profile cyber attack against tech giant Acer in March, said to have cost the company $50 million, was also attributed to REvil.
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million rewardNews The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacksNews The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b modelNews Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
