Evidence suggests REvil behind Harris Federation ransomware attack
The trust’s financial records have been discovered on a dark web site known to be operated by the infamous group
Ransomware gang REvil is thought to be responsible for the recent cyber attack on London-based multi-academy trust Harris Federation, which led to 37,000 students being locked out of their emails and coursework.
The trust, which manages 48 primary and secondary academies in and around London, fell victim to a ransomware attack on 27th March which saw hackers gain access to its IT systems. The “highly-sophisticated attack” forced the schools to take precautionary measures of temporarily disabling its email and internet-enabled telephone system, as well as any Harris Federation devices, including those used by pupils.
Following initial investigations, it now appears that the REvil group is in possession of the trust’s personal information, including financial records, and has made these available on the dark web. REvil is considered to be one of the most prolific ransomware gangs in operation today, recently claiming to have made more than $100 million in one year from extorting large businesses.
Emsisoft threat analyst Brett Callow found that “screenshots of multiple financial documents” belonging to the Harris Federation had been posted to “Happy Blog”, a dark web site belonging to REvil, suggesting the gang was behind the 27th March attack.
RELATED RESOURCE
The business guide to ransomware
Everything you need to know to keep your company afloat
“At present, students’ personal information has not been posted,” Callow told IT Pro.
The Harris Federation has yet to respond to IT Pro’s request for comment. However, the trust has previously said that it is cooperating “as appropriate” with the Information Commissioner’s Office (ICO), as well as “using the services of a specialised firm of cyber technology consultants” and “working closely with the National Crime Agency and the National Cyber Security Centre”.
It also stated that it is “at least the fourth multi-academy trust to have been targeted in March” by hackers. In the last few weeks, cyber criminals had also targeted multiple higher education institutions, including the University of Northampton, as well as Oxford University’s Division of Structural Biology.
In the US, students of Tilton elementary school in Haverhill, Massachusetts, who were scheduled to finally go back to full in-person learning, found out on Thursday that their return had been postponed due to the district's computer system being hit in a ransomware attack.
The high-profile cyber attack against tech giant Acer in March, said to have cost the company $50 million, was also attributed to REvil.
-
‘Perfect’ Zero Trust is killing your mid-market productivitySponsored Security theory often collapses under real-world deadlines. It’s time for a more auditable, “human-centric” approach to privileged access management
-
Increased AI use means developers spend more time reviewing code than everNews While AI is improving productivity and efficiency, many developers are caught up in a vicious cycle of code reviews and bug hunting
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption
-
German authorities want your help finding the hackers behind GandCrab and REvilNews Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk are believed to have made millions from ransomware as a service schemes
-
The rise of teen hackers ‘makes for a good headline’, but cyber crime activities peak later in life
News With family responsibilities and mortgages to pay, it's not teenagers dishing out malware or carrying out cyber extortion
-
Ransomware gangs are using employee monitoring software as a springboard for cyber attacks
News Two attempted attacks aimed to exploit Net Monitor for Employees Professional and SimpleHelp
-
Ransomware gangs are sharing virtual machines to wage cyber attacks on the cheap – but it could be their undoingNews Thousands of attacker servers all had the same autogenerated Windows hostnames, according to Sophos
