[BreachExchange] Eight K-12 Schools Targeted by Pysa Ransomware

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Mon Aug 16 12:09:25 EDT 2021


https://heimdalsecurity.com/blog/eight-k-12-schools-targeted-by-pysa-ransomware/

In March 2021, the Federal Bureau of Investigation’s Cyber Division
warned of a rise in Pysa ransomware incidents targeting government
institutions, the educational and healthcare sectors, and private
organizations across the US and the UK.

A few months later, Pysa ransomware, a version of the Mespinoza ransomware
family, impacted no fewer than eight K-12 school districts in the U.S.A.

Why Is the Education Sector so Attractive to Ransomware Attackers?

As reported by security experts, the number of ransomware attacks against
the educational sector keeps rising every year, and with the Covid-19
pandemic the situation has gotten even worse.

The educational sector is extremely tempting for ransomware threat actors
because it still lacks a strong cybersecurity posture, which may be
unaffordable for some of these institutions. The fact that it holds
significant amounts of sensitive student and staff information also makes
the education sector very appealing to ransomware attackers.

The behavior of students, who frequently engage in high-risk actions that
lead to exposure to ransomware attacks, is also an important factor.

Another reason is the highly accessible and interconnected nature of
campuses, which provides many points of potential malware infiltration. All
the hackers have to do is discover a weak link, and ransomware can spread
in no time from students to all of the institution's servers and staff
devices.

Which Schools Fell Victim to the Pysa Ransomware Gang?

Eight K-12 (kindergarten to 12th grade) American public school districts,
which can be seen on the Pysa ransomware cybercriminals' leak website, have
become victims of the popular gang.

According to reports, some of the educational facilities were hit before
the FBI warning while others were impacted following the alert.

Here is a list of the public school institutions hit by Pysa ransomware and
added to the leak website:

   - Winters Independent School District (Texas) – added on October 25th,
   2020
   - Palos Community Consolidated School District 118 (Illinois) – added on
   December 1st, 2020
   - Brookfield Public Schools (Connecticut) – added on December 1st, 2020
   - Gering Public Schools (Nebraska) – added on February 24th, 2021
   - Affton School District (Missouri) – added on February 25th, 2021
   - Zionsville Community Schools (Indiana) – added on May 2nd, 2021
   - Logansport Community School Corporation (Indiana) – added on May 8th,
   2021
   - Sheldon ISD (Texas) – the attack took place in March of 2020 but they
   are not on the leak website because the ransom has been paid

While nobody knows how many of these schools actually paid the ransom or
how much they were required to pay, everybody knows that the ransom demands
can be colossal. Schools have been encouraged by cybersecurity researchers
to make the attacks public and reveal the costs in order to let people and
law enforcement know the real situation.

The Healthcare Sector Also Targeted by the Pysa Ransomware Threat Actor

The educational sector is not the only one targeted by the Pysa ransomware
group; the medical field is also in its sights. Since 2020, the gang has
targeted more than 10 healthcare organizations, which also did not hurry to
disclose the ransomware attacks, with only three of them reporting to the
U.S. Department of Health & Human Services.