Ransomware gang REvil is thought to be responsible for the recent cyber attack on London-based multi-academy trust Harris Federation, which led to 37,000 students being locked out of their emails and coursework.
The trust, which manages 48 primary and secondary academies in and around London, fell victim to a ransomware attack on 27th March which saw hackers gain access to its IT systems. The “highly-sophisticated attack” forced the schools to take precautionary measures of temporarily disabling its email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.
Following initial investigations, it now appears that the REvil group is in possession of the trust’s personal information, including financial records, and has made these available on the dark web. REvil is considered to be one of the most prolific ransomware gangs in operation today, recently claiming to have made more than $100 million in one year from extorting large businesses.
Emsisoft threat analyst Brett Callow found that “screenshots of multiple financial documents” belonging to the Harris Federation had been posted to “Happy Blog”, a dark web site belonging to REvil, suggesting the gang was behind the 27th March attack.
RELATED RESOURCE
The business guide to ransomware
Everything you need to know to keep your company afloat
“At present, students’ personal information has not been posted,” Callow told IT Pro.
The Harris Federation has yet to respond to IT Pro’s request for comment. However, the trust has previously said that it is cooperating “as appropriate” with the Information Commissioner’s Office (ICO), as well as “using the services of a specialised firm of cyber technology consultants” and “working closely with the National Crime Agency and the National Cyber Security Centre”.
It also stated that it is “at least the fourth multi-academy trust to have been targeted in March” by hackers. In the last few weeks, cyber criminals had also targeted multiple higher education institutions, including the University of Northampton, as well as Oxford University’s Division of Structural Biology.
In the US, students of Tilton elementary school in Haverhill, Massachusetts, who were scheduled to finally go back to full in-person learning, found out on Thursday that their return had been postponed due to the district's computer system being hit in a ransomware attack.
The high-profile cyber attack against tech giant Acer in March, said to have cost the company $50 million, was also attributed to REvil.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
15-year-old revealed as key player in Scattered LAPSUS$ HuntersNews 'Rey' says he's trying to leave Scattered LAPSUS$ Hunters and is prepared to cooperate with law enforcement
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
A notorious ransomware group is spreading fake Microsoft Teams ads to snare victimsNews The Rhysida ransomware group is leveraging Trusted Signing from Microsoft to lend plausibility to its activities
-
Volkswagen confirms security ‘incident’ amid ransomware breach claimsNews Volkswagen has confirmed a security "incident" has occurred, but insists no IT systems have been compromised.
-
The number of ransomware groups rockets as new, smaller players emergeNews The good news is that the number of victims remains steady
-
Teens arrested over nursery chain Kido hacknews The ransom attack caused widespread shock when the hackers published children's personal data
