Ransomware Attack on Cathedral Prep by INC Ransom

Cathedral Preparatory School, a private Catholic high school located in Erie, Pennsylvania, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group INC Ransom. The attack has potentially jeopardized sensitive data and disrupted the educational operations of this esteemed institution.

About Cathedral Prep

Cathedral Prep, established in 1921 by Archbishop John Mark Gannon, is part of the Roman Catholic Diocese of Erie. The school employs between 51-100 people and serves approximately 664 students. Known for its rigorous academic curriculum, Cathedral Prep offers 20 Advanced Placement (AP) courses and boasts a 100% college acceptance rate for its graduating class. The school also emphasizes extracurricular activities, with over 32 clubs and a robust athletics program.

What Makes Cathedral Prep Stand Out

Cathedral Prep is renowned for its commitment to holistic education, focusing on the moral, intellectual, social, and physical development of its students. The school’s mission is to prepare students for higher education and instill values that will help them become responsible members of society. This comprehensive approach has established Cathedral Prep as a respected institution in the Erie community and beyond.

Vulnerabilities and Targeting

Educational institutions like Cathedral Prep are often targeted by ransomware groups due to the valuable personal and financial information they hold. The school's extensive use of digital platforms for academic and administrative purposes makes it susceptible to cyberattacks. The ransomware group INC Ransom likely exploited these vulnerabilities to gain unauthorized access to Cathedral Prep's systems.

Attack Overview

The ransomware attack on Cathedral Prep was claimed by INC Ransom via their dark web leak site. The group is known for its sophisticated techniques, including spear-phishing campaigns and exploiting vulnerabilities such as CVE-2023-3519 in Citrix NetScaler. INC Ransom employs a double extortion tactic, encrypting data and threatening to release it publicly to increase pressure on victims to comply with ransom demands.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group that has gained notoriety for its targeted ransomware attacks on various industries, including healthcare, education, government entities, and technology companies. The group uses advanced techniques for reconnaissance and lateral movement within a network, making it a formidable threat. INC Ransom has been active since 2023 and has claimed responsibility for breaching numerous organizations, including Xerox Corp and NHS Scotland.

Sources

• Cathedral Preparatory School
• SOCRadar - INC Ransom Profile
• Security Affairs - INC Ransom
• Huntress - INC Ransom Activity