Saturday, March 2, 2024

Rhysida Ransomware Group Claims Responsibility for Prince George's County School Cyberattack

The recently established Rhysida ransomware group has claimed responsibility for the cyberattack on Maryland's Prince George's County school systems that occurred on August 14th, targeting one of the largest school districts in the United States.
The group listed the Maryland school district on its dark leak site on the Friday just preceding the commencement of the 2024-25 school year, a mere three days away.

Prince George's County Public School System (PGCPS), ranking as one of the nation's 20 largest school districts, fell victim to a cyberattack in the early hours of August 14th.
Although the district reported that only approximately 4,500 user accounts out of 180,000 were affected, primarily staff accounts, it now appears that sensitive data from these compromised user accounts has surfaced on Rhysida's leak site, with a price tag of 15 Bitcoin or approximately $390,000 USD.
Rhysida seems to be auctioning off a substantial volume of stolen data from the breach, including passports, driver's licenses, and other sensitive information; however, they have not disclosed a specific quantity. The auction is set to conclude six days from the initial listing on Friday, as indicated by the countdown clock displayed on PGCPS. The district had been posting updates about the network outage on its website, with the latest update from August 18th preceding Rhysida's claim of responsibility.

In response to the situation, PGCPS has stated, "Prince George's County Public Schools (PGCPS), with the assistance of cybersecurity experts, continues to thoroughly investigate the cyberattack that disrupted our servers...We are now focused on completely restoring our technology environment and analyzing the scope of the event to determine any current and future data loss."
"While we are currently unaware of any specific misuse of information, cyber-attacks of this nature typically result in a breach of data. We will provide updates as needed," the district added.
Simultaneously, on its dark leak site, Rhysida posted the following alongside PGCPS data samples: "With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data. Open your wallets and be ready to buy exclusive data."
"We sell only to one hand, no reselling, you will be the only owner!" the group asserted. 
Shortly after becoming aware of the breach, PGCPS urged all system users to reset their passwords as a precautionary measure. Students will also be required to reset their passwords during the first week of school, commencing on August 28th, although the district stated that its primary business and student information systems did not appear to be impacted by the incident.
Furthermore, PGCPS expressed its commitment to reach out to any affected victims in the coming days.

Situated in the Washington DC Corridor, the Prince George's County school district boasts more than 200 schools and centers, serving over 133,000 students and employing nearly 20,000 staff members, as stated on its website.

Rhysida's Ongoing Activities

This relatively lesser-known threat actor has been on the ransomware scene since late May, according to US government officials who profiled the group earlier this month.
Earlier this week, Rhysida claimed responsibility for a crippling attack on the California-based healthcare conglomerate Prospect Medical Holdings (PMH), which occurred on August 3rd. This ransom attack forced several hospitals and medical facilities in Connecticut and Pennsylvania to suspend services and divert patients for several days.
PMH's subsidiaries include 17 hospitals and 165 outpatient facilities across five states, including Rhode Island and New Jersey.
In addition to adding PMH as a victim on their dark leak site, the threat actor set up a live auction offering over 2.3 terabytes of sensitive data, allegedly stolen in that attack, including an entire SQL database.

Another victim, Washington State's Pierce College, has also fallen prey to Rhysida, with the gang allegedly selling the school's stolen data starting at 10 Bitcoin to the highest bidder. This auction is scheduled to conclude on Monday.
Rhysida's leak site lists 40 other victims, nearly three times the number of victims indicated in the US officials' warning bulletin about the group on August 4th.
Rhysida is believed to have connections to the Vice Society ransom gang, notorious for its attacks on the education sector, primarily in the US, Canada, and the UK.
