Evidence suggests REvil behind Harris Federation ransomware attack

The trust’s financial records have been discovered on a dark web site known to be operated by the infamous group

abstract image of a hacker with lines of code on a screen

Ransomware gang REvil is thought to be responsible for the recent cyber attack on London-based multi-academy trust Harris Federation, which led to 37,000 students being locked out of their emails and coursework.

The trust, which manages 48 primary and secondary academies in and around London, fell victim to a ransomware attack on 27th March which saw hackers gain access to its IT systems. The “highly-sophisticated attack” forced the schools to take precautionary measures of temporarily disabling its email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.

Following initial investigations, it now appears that the REvil group is in possession of the trust’s personal information, including financial records, and has made these available on the dark web. REvil is considered to be one of the most prolific ransomware gangs in operation today, recently claiming to have made more than $100 million in one year from extorting large businesses.

Emsisoft threat analyst Brett Callow found that “screenshots of multiple financial documents” belonging to the Harris Federation had been posted to “Happy Blog”, a dark web site belonging to REvil, suggesting the gang was behind the 27th March attack.

A screenshot from REvil's Happy Blog displaying Harris Federation details

Screenshot courtesy of Brett Callow

Brett Callow, Emsisoft

Related Resource

The business guide to ransomware

Everything you need to know to keep your company afloat

The business guide to ransomware - whitepaper from DattoFree download

“At present, students’ personal information has not been posted,” Callow told IT Pro.

The Harris Federation has yet to respond to IT Pro’s request for comment. However, the trust has previously said that it is cooperating “as appropriate” with the Information Commissioner’s Office (ICO), as well as “using the services of a specialised firm of cyber technology consultants” and “working closely with the National Crime Agency and the National Cyber Security Centre”.

It also stated that it is “at least the fourth multi-academy trust to have been targeted in March” by hackers. In the last few weeks, cyber criminals had also targeted multiple higher education institutions, including the University of Northampton, as well as Oxford University’s Division of Structural Biology.

In the US, students of Tilton elementary school in Haverhill, Massachusetts, who were scheduled to finally go back to full in-person learning, found out on Thursday that their return had been postponed due to the district's computer system being hit in a ransomware attack.

The high-profile cyber attack against tech giant Acer in March, said to have cost the company $50 million, was also attributed to REvil.

Featured Resources

2021 Thales cloud security study

The challenges of cloud data protection and access management in a hybrid and multi cloud world

Free download

IDC agility assessment

The competitive advantage in adaptability

Free Download

Digital transformation insights from CIOs for CIOs

Transformation pilotes, co-pilots, and engineers

Free download

What ITDMs did next - and what they should be doing now

Enable continued collaboration and communication for hybrid workers

Recommended

Google files lawsuit against Russian botnet operators
hacking

Google files lawsuit against Russian botnet operators

8 Dec 2021
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection
endpoint security

Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection

7 Dec 2021
BitMart suspends withdrawals following hack
cryptocurrencies

BitMart suspends withdrawals following hack

6 Dec 2021
Bridging the DevSecOps divide: Spotlight on key relationships
Whitepaper

Bridging the DevSecOps divide: Spotlight on key relationships

3 Dec 2021

Most Popular

Microsoft 365 prices to soar by 20% for pay monthly subscribers
Managed service provider (MSP)

Microsoft 365 prices to soar by 20% for pay monthly subscribers

7 Dec 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
What is single sign-on (SSO)?
single sign-on (SSO)

What is single sign-on (SSO)?

2 Dec 2021