Ransomware Attack on Stratford School Academy by Rhysida

Stratford School Academy, a mixed, all-ability, and non-faith secondary school located in Forest Gate, London, has recently fallen victim to a ransomware attack orchestrated by the notorious Rhysida group. The attack was discovered on September 9, 2024, and has raised significant concerns about the security of educational institutions.

About Stratford School Academy

Stratford School Academy serves students aged 11 to 16, emphasizing academic excellence, personal development, and community involvement. The school is recognized for its academic achievements, being placed in the top 10% of schools nationally for student progress and achieving record GCSE results in recent years. The academy operates a house system for pastoral care and offers a wide range of extracurricular activities, including sports, arts, and academic clubs.

Vulnerabilities and Targeting

Educational institutions like Stratford School Academy are increasingly becoming targets for ransomware attacks due to their reliance on digital infrastructure and often limited cybersecurity resources. The school's commitment to providing a comprehensive educational experience makes it a repository of valuable data, including personal information of students and staff, which can be exploited by threat actors.

Attack Overview

The Rhysida ransomware group claimed responsibility for the attack via their dark web leak site. While the exact size of the data leak has not been disclosed, the attack has undoubtedly disrupted the school's operations. Rhysida's double extortion tactics involve not only encrypting data but also threatening to leak sensitive information unless a ransom is paid.

About Rhysida Ransomware Group

Rhysida emerged in May 2023 and operates as a Ransomware-as-a-Service (RaaS). The group is known for its sophisticated attacks and double extortion tactics, targeting various sectors, including education. Rhysida typically gains entry through compromised credentials, phishing campaigns, or exploiting vulnerabilities. Once inside, they encrypt files using advanced algorithms and threaten to publish stolen data on the dark web.

Penetration Methods

Rhysida likely penetrated Stratford School Academy's systems through compromised credentials or phishing attacks. The group is adept at using valid VPN and Remote Desktop Protocol (RDP) credentials for lateral movement within networks. Their encryption methods involve a combination of 4096-bit RSA and ChaCha20 algorithms, making it challenging for victims to recover data without paying the ransom.

• Stratford School Academy
• SOCRadar: Rhysida Ransomware
• Tripwire: Rhysida Ransomware
• Logpoint: Uncovering Rhysida
• eSentire: Rhysida Ransomware Group