In a series of ransomware attacks that occurred last month, the education sector was once again targeted, resulting in substantial disruptions and placing sensitive student information at risk. According to TechTarget Editorial’s 2023 ransomware database, which tracks attacks against U.S. organizations based on public disclosures, confirmed media reports, and data breach notifications to state attorneys general, there were 29 confirmed ransomware attacks in June. Although this represents a slight decrease from the previous month’s activities, it is important to note that these figures only account for a fraction of the global ransomware activity during that time.
Various cybersecurity vendors have reported substantial surges in ransomware attacks in recent months. For example, NCC Group determined that May had the second-highest number of recorded attacks globally this year, with a total of 436 incidents. TechTarget’s ransomware database did not include the widespread attacks against vulnerable MOVEit Transfer instances. Microsoft reported earlier this month that threat actors associated with the Clop ransomware gang exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer product to steal confidential data. Although the database did not include these victims, reports estimated that nearly 200 organizations fell victim to the Clop campaign.
While the number of confirmed attacks decreased in June, the targets remained consistent with previous months, with schools and municipalities being hit the hardest. Out of the 29 disclosed attacks, 12 were reported by schools and municipalities. One victim took an astonishing six months to notify the affected individuals. The Pearland Independent School District (ISD), based in Texas, discovered an attack on November 8. The district promptly secured its systems and initiated an investigation with cybersecurity experts, but it wasn’t until June 5 that it notified 10 residents of Maine of the data security incident. Over 5,500 individuals were affected overall, with potentially accessed information including names, dates of birth, addresses, and Social Security numbers.
Similarly, the Lebanon School District in New Hampshire experienced a ransomware attack on June 15. The extent of the damage and whether any confidential data was stolen remain unclear as investigations are still ongoing. However, the outgoing superintendent took immediate action by shutting down payroll and other IT systems to mitigate the potential fallout.
In California, the San Luis Obispo County Office of Education also fell victim to a ransomware attack on June 12. This led to significant disruptions, forcing the office to take all services offline once the breach was discovered. Payroll had to be handled manually, and the investigation into the attack is still ongoing. As of June 30, some features of the office’s website were still down. The 8base ransomware group claimed responsibility for this attack, further indicating their active presence in the cyber threat landscape.
Aside from the education and municipal sectors, the technology industry also experienced ransomware attacks in June. Three organizations – Reventics in Denver, Incredible Technologies in California, and Heavy Hammer in Annapolis, Maryland – confirmed attacks last month. Reventics, a clinical documentation improvement and revenue cycle management company, revealed in a letter filed to the California Office of the Attorney General that they discovered a security incident on December 15. It wasn’t until June that they filed a data breach notification for affected individuals in California. Shockingly, the potentially compromised data included names, dates of birth, medical record numbers, patient account numbers, driver’s license and other government-issued ID numbers, healthcare provider information, diagnosis details, treatment costs, prescription medications, and identifying codes for medical procedures.
The increasing frequency and severity of ransomware attacks against the education sector, as well as other industries, continue to pose a significant threat to organizations and the sensitive data they hold. It is crucial for entities to prioritize their cybersecurity measures, including robust backup systems, employee training, and timely incident response protocols. Failure to do so not only jeopardizes the affected organizations but also puts individuals’ personal information at risk. As ransomware attacks continue to evolve and advance, proactive measures and heightened vigilance are necessary to combat this persistent threat.
Arielle Waldman, a Boston-based reporter, covers enterprise security news.
