Ransomware Attack on Troy Area School District by LockBit Raises Security Concerns

Incident Date: Jul 19, 2024

Attack Overview

Victim: Troy Area School District
Industry: Education
Location: USA
Attacker: LockBit
First Reported: July 19, 2024

Overview of the Victim

The Troy Area School District, located in Troy, Pennsylvania, serves students from kindergarten through 12th grade. The district is dedicated to providing a comprehensive educational experience, focusing on both academic achievement and personal development. With an annual revenue of approximately $18.7 million, the district employs between 201 and 500 individuals. The district is known for its commitment to community involvement and educational excellence, offering a variety of programs to support diverse student needs.

Details of the Attack

On July 19, 2024, the Troy Area School District was targeted by the ransomware group LockBit. The attack was discovered on the district's domain, troyareasd.org. While the exact size of the data leak remains unknown, the incident has raised significant concerns about the security of sensitive information within the school district. LockBit is known for its sophisticated attacks, employing "double extortion" tactics in which sensitive data is exfiltrated and the attackers threaten to release it publicly if the ransom is not paid.

About LockBit

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group is known for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Penetration and Impact

LockBit distinguishes itself by encrypting its payload until execution, hindering malware analysis and detection. The ransomware group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The attack on the Troy Area School District underscores the growing threat of cyberattacks on educational institutions, which often have vulnerabilities such as outdated software and insufficient cybersecurity measures.
