LockBit 3.0 Ransomware Attack on EVW School District

Incident Date: May 09, 2024

Attack Overview

Victim: Eden Valley-Watkins Independent School District #463
Industry: Education
Location: USA
Attacker: LockBit
First Reported: May 9, 2024

Victim Profile

The Eden Valley-Watkins Independent School District #463, located in Eden Valley, Minnesota, is a public school district serving students in Eden Valley, Watkins, and surrounding areas. The district operates one elementary school and one secondary school, offering a wide range of educational programs and extracurricular activities to support student development.

Company Size and Industry Standing

The school district is a prominent educational institution known for its high standards and rigorous academic, arts, and athletic programs. The district's commitment to personalized learning opportunities, mental health programs, and community engagement sets it apart in the education sector.

Attack and Vulnerabilities

The LockBit 3.0 cybercrime group targeted the EVW School District in a ransomware attack, exfiltrating 19 GB of data, including invoices, financial records, and other documents. While no specific ransom demand was issued, the attackers leaked a sample of the exfiltrated data, highlighting the severity of the breach. The district's reliance on digital systems for administrative and educational purposes could have made it vulnerable to ransomware attacks like the one carried out by LockBit 3.0.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a sophisticated ransomware group that has evolved from previous iterations to become more modular, evasive, and dangerous. The group's obfuscation techniques, lateral movement capabilities, and Ransomware-as-a-Service model make it a significant threat to organizations across various industries, including education.

LockBit May Attacks

This incident is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. LockBit's recent activity has targeted diverse industries globally, with manufacturing companies, professional services, and the ICT sector being the most affected.
