Ransomware gang REvil is thought to be responsible for the recent cyber attack on London-based multi-academy trust Harris Federation, which led to 37,000 students being locked out of their emails and coursework.
The trust, which manages 48 primary and secondary academies in and around London, fell victim to a ransomware attack on 27th March which saw hackers gain access to its IT systems. The “highly-sophisticated attack” forced the schools to take precautionary measures of temporarily disabling its email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.
Following initial investigations, it now appears that the REvil group is in possession of the trust’s personal information, including financial records, and has made these available on the dark web. REvil is considered to be one of the most prolific ransomware gangs in operation today, recently claiming to have made more than $100 million in one year from extorting large businesses.
Emsisoft threat analyst Brett Callow found that “screenshots of multiple financial documents” belonging to the Harris Federation had been posted to “Happy Blog”, a dark web site belonging to REvil, suggesting the gang was behind the 27th March attack.
RELATED RESOURCE
The business guide to ransomware
Everything you need to know to keep your company afloat
“At present, students’ personal information has not been posted,” Callow told IT Pro.
The Harris Federation has yet to respond to IT Pro’s request for comment. However, the trust has previously said that it is cooperating “as appropriate” with the Information Commissioner’s Office (ICO), as well as “using the services of a specialised firm of cyber technology consultants” and “working closely with the National Crime Agency and the National Cyber Security Centre”.
It also stated that it is “at least the fourth multi-academy trust to have been targeted in March” by hackers. In the last few weeks, cyber criminals had also targeted multiple higher education institutions, including the University of Northampton, as well as Oxford University’s Division of Structural Biology.
In the US, students of Tilton elementary school in Haverhill, Massachusetts, who were scheduled to finally go back to full in-person learning, found out on Thursday that their return had been postponed due to the district's computer system being hit in a ransomware attack.
The high-profile cyber attack against tech giant Acer in March, said to have cost the company $50 million, was also attributed to REvil.
-
GitHub just launched a new 'mission control center' for developers to delegate tasks to AI coding agentsNews The new pop-up tool from GitHub means developers need not "break their flow" to hand tasks to AI agents
-
The Allianz Life data breach just took a huge turn for the worseNews Around 1.1 million Allianz Life customers are believed to have been impacted in a recent data breach, making up the vast majority of the insurer's North American customers.
-
Average ransom payment doubles in a single quarterNews Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new groupNews The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos
-
Google cyber researchers were tracking the ShinyHunters group’s Salesforce attacks – then realized they’d also fallen victimNews In an update to an investigation on the ShinyHunters group, Google revealed it had also been affected
-
Nearly one-third of ransomware victims are hit multiple times, even after paying hackersNews Many ransomware victims are being hit more than once, largely thanks to fragmented security tactics
-
75% of UK business leaders are willing to risk criminal penalties to pay ransomsNews A ransom payment ban is a great idea - until you're the one being targeted...
-
The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employeesNews The group is using new ransomware variants and new social engineering techniques - including sneaking into corporate teleconferences
-
Hackers breached a 158 year old company by guessing an employee password – experts say it’s a ‘pertinent reminder’ of the devastating impact of cyber crimeNews A Panorama documentary exposed hackers' techniques and talked to the teams trying to tackle them
-
The ransomware boom shows no signs of letting up – and these groups are causing the most chaos
News Thousands of ransomware cases have already been posted on the dark web this year
