Rhysida Ransomware Hits Granite School District in Utah

Incident Date: Nov 09, 2024

Attack Overview
Victim: Granite School District
Industry: Education
Location: USA
Attacker: Rhysida
First Reported: November 9, 2024

Rhysida Ransomware Attack on Granite School District

On November 11, 2024, Granite School District, a major educational institution in Utah, fell victim to a ransomware attack orchestrated by the Rhysida group. This incident underscores the vulnerabilities educational institutions face in the digital age, particularly when targeted by sophisticated cybercriminals.

Granite School District: A Brief Overview

Granite School District, established in 1904, is the second-largest school district in Utah, serving approximately 70,649 students across 90 schools. The district is renowned for its comprehensive educational programs, which emphasize critical thinking, creativity, and collaboration. With a workforce of over 7,500 staff members, including 3,352 teachers, the district is a cornerstone of the community, providing diverse educational opportunities from preschool through high school.

Details of the Ransomware Attack

The Rhysida ransomware group claimed responsibility for the attack, demanding a ransom of 20 Bitcoin, roughly equivalent to $1,500,000, with a payment deadline set for November 16, 2024. The extent of the data compromised remains undisclosed, but the attack has undoubtedly disrupted the district's operations. The district's official website, graniteschools.org, was identified as the victim, highlighting the potential impact on both administrative functions and student learning resources.

Rhysida Ransomware Group: A Notorious Threat

Emerging in May 2023, Rhysida has quickly established itself as a formidable player in the Ransomware-as-a-Service (RaaS) ecosystem. Known for targeting critical sectors like healthcare and education, Rhysida employs a double extortion model, threatening to release exfiltrated data if ransoms are not paid. Their tactics often involve phishing and the exploitation of VPN vulnerabilities, allowing them to infiltrate systems where data sensitivity and operational continuity requirements are high.

Potential Vulnerabilities and Penetration Methods

Granite School District's extensive digital infrastructure, designed to support a large student and staff population, may have presented vulnerabilities that Rhysida exploited. The group's use of phishing and VPN exploitation suggests that the district's defenses against such tactics may have been insufficient. The attack highlights the critical need for enhanced cybersecurity measures in educational institutions, which are increasingly becoming targets for cybercriminals.
