Ransomware Attack on Alabama Department of Education by Incransom: Key Details

Incident Date: Jul 13, 2024

Attack Overview

Victim: State of Alabama - Alabama Department Of Education
Industry: Education
Location: USA
Attacker: Inc Ransom
First Reported: July 13, 2024

Overview of the Alabama Department of Education

The Alabama Department of Education (ALSDE) is a pivotal state agency responsible for overseeing public education from kindergarten through 12th grade. With an annual revenue of $20.61 billion and employing 664 people, the department ensures that educational standards are met and provides leadership and support for schools, educators, and students. The ALSDE's mission is to foster a learning environment that promotes academic success through initiatives like the Alabama Learning Exchange (ALEX) and the Alabama Math, Science, and Technology Initiative (AMSTI).

Details of the Ransomware Attack

On June 17, the ransomware group Incransom targeted the Alabama Department of Education. Although the department managed to prevent a complete system lockdown, hackers accessed some data and disrupted services. The compromised data potentially includes personal information of students and employees. Federal and state authorities, including the FBI and the Alabama Attorney General, are actively investigating the breach. The department has since enhanced its cybersecurity measures, restored affected systems from clean backups, and refused to negotiate with the attackers.

About Incransom

Incransom is a sophisticated cybercriminal group known for its targeted ransomware attacks on various sectors, including education, healthcare, and government entities. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Incransom's attacks involve double extortion, where they not only encrypt data but also steal it and threaten to release it publicly to increase pressure on victims to comply with ransom demands.

Penetration and Vulnerabilities

Incransom likely penetrated the ALSDE's systems through a combination of spear-phishing and exploiting existing vulnerabilities. The department's extensive use of digital platforms and resources, while beneficial for educational purposes, also makes it a lucrative target for cybercriminals. The attack underscores the importance of robust cybersecurity measures, especially for organizations handling sensitive data.

Response and Current Status

In response to the attack, the ALSDE has taken significant steps to bolster its cybersecurity framework. The department has restored affected systems from clean backups and continues to provide updates on its dedicated webpage. Despite the disruption, the department remains committed to its mission of supporting Alabama's educational landscape.
