Blacksuit Ransomware Strikes Edwood Schools, Disrupting Operations and Data Integrity

Incident Date: Jun 25, 2024

Attack Overview

Victim: Edwood Schools
Industry: Education
Location: USA
Attacker: Black Suit
First reported: June 25, 2024

Blacksuit Ransomware Group Targets Edwood Schools

Overview of Edwood Schools

Edwood Schools, part of the Richland-Bean Blossom Community School Corporation (RBBCSC), is located in Ellettsville, Indiana. Serving a diverse student population across elementary, middle, and high school levels, the institution is committed to fostering intellectual, social, and emotional development through a comprehensive curriculum and various extracurricular activities. With a mission of "Caring. Daring. Preparing.", Edwood Schools aims to empower learners to reach their fullest potential. The district employs 51-100 people and has an annual revenue of $1M-$5M. Known for its commitment to student well-being, the school provides support services such as counseling, special education, and health services.

Details of the Ransomware Attack

Recently, Edwood Schools became a victim of a ransomware attack by the Blacksuit ransomware group. Blacksuit publicly claimed responsibility on their dark web leak site, listing Edwood Schools as a victim. The group encrypted critical data, appending the .blacksuit extension to affected files, and left a ransom note named README.BlackSuit.txt in each compromised directory. The note directed victims to a Tor chat site for further communication. While the exact ransom demand and deadline remain undisclosed, the attack has significantly impacted the school's operations and data integrity, given the sensitive nature of the information handled by educational institutions.
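
A defender-side sweep for the two file-system indicators named above, added here as an example (it is not from the original article or from Halcyon): it walks a directory tree and labels each affected directory by how far encryption got. The function names, state labels and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

NOTE_NAME = "readme.blacksuit.txt"  # ransom note name from the article, lowercased
ENC_EXT = ".blacksuit"              # extension the article says is appended

def classify(note, encrypted, intact):
    """Label a directory so responders can order their triage (labels are assumptions)."""
    if encrypted and intact == 0:
        return "fully-encrypted"
    if encrypted:
        return "partially-encrypted"  # encryption interrupted or some files skipped
    return "note-only"                # note present, no renamed files seen

def sweep(root):
    """Return {relative_dir: summary} for every directory holding an indicator."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinks
        note, encrypted, intact = False, [], 0
        for name in files:
            lower = name.lower()  # Windows and SMB shares are case-insensitive
            if lower == NOTE_NAME:
                note = True
            elif lower.endswith(ENC_EXT):
                encrypted.append(name)
            else:
                intact += 1
        if note or encrypted:
            rel = os.path.relpath(dirpath, root)
            findings[rel] = {"state": classify(note, encrypted, intact),
                             "encrypted": sorted(encrypted), "intact": intact}
    return findings

def build_sample_tree(base):
    """Constructed sample tree of empty files, used only to exercise sweep()."""
    layout = {
        "grades": ["README.BlackSuit.txt", "q1.xlsx.blacksuit", "q2.xlsx.blacksuit"],
        "staff": ["readme.blacksuit.txt", "roster.docx.BLACKSUIT", "notes.txt"],
        "lunch": ["README.BlackSuit.txt", "menu.pdf"],
        "clean": ["syllabus.pdf"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(base, sub))
        for name in names:
            open(os.path.join(base, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for directory, info in sorted(sweep(tmp).items()):
            print(directory, info["state"], len(info["encrypted"]), info["intact"])
```

Directories labelled partially-encrypted or note-only are the ones most likely to hold recoverable originals, so they are worth imaging first.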

About the Blacksuit Ransomware Group

Blacksuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. Experts have noted significant similarities in code and functionality between the two. Blacksuit targets both Windows and Linux systems, including VMware ESXi servers, making it a versatile and potent threat. Researchers suggest that Blacksuit could be a new variant developed by the same authors as Royal, a copycat using similar code, or an affiliate of the Royal ransomware gang. The emergence of Blacksuit indicates that the threat actors behind Royal may have inspired other cybercriminals to develop similar ransomware families.

Potential Vulnerabilities and Attack Vectors

Educational institutions like Edwood Schools are often targeted by ransomware groups due to several vulnerabilities, including outdated software, insufficient cybersecurity measures, and the high value of the data they hold. Schools manage a vast amount of sensitive information, making them lucrative targets for cybercriminals. In the case of Edwood Schools, the attack could have been facilitated by exploiting vulnerabilities in their IT infrastructure, such as unpatched software, weak passwords, or phishing attacks. The ransomware group may have gained initial access through compromised credentials or by exploiting known vulnerabilities in the school's network.
