blackbyte attacks London College of Beauty Therapy

Incident Date:

March 30, 2022

World map



blackbyte attacks London College of Beauty Therapy


London College of Beauty Therapy




The Quays, United Kingdom

Salford, United Kingdom

First Reported

March 30, 2022

Ransomware Attack on London College of Beauty Therapy

Company Overview

The London College of Beauty Therapy, an educational institution specializing in aesthetics and beauty treatments, has been targeted by the ransomware group Blackbyte. The attack was announced on the group's dark web leak site, and the victim's website was identified as the source of the breach.

The London College of Beauty Therapy offers a range of courses for beginners and non-medics, including the L3 CPD Principles of Cosmetic Practice for Aesthetic Practitioners. This course provides an entry-level qualification into the Beauty and Aesthetics industry, with a focus on health and safety, communication, client assessment, and anatomy and physiology for skin treatments. The course is designed for those working towards a career in aesthetics and skin rejuvenation, without following the traditional beautician route.

Vulnerabilities and Impact

The specific details about the size of the company and its vulnerabilities in being targeted by threat actors are not available. However, it is known that the attack occurred in the Education sector, which has been a target for ransomware groups in recent years. The impact of the attack on the London College of Beauty Therapy is not explicitly stated, but it is mentioned that the victim's website was compromised.

Ransomware Group

Blackbyte is a ransomware group that has been active in targeting various organizations worldwide, causing personal data breaches in many of them. The group's activities are updated thrice daily on the "Ransomwatch" website, which is an initiative by the National High Tech Crime Unit of the Netherlands' police, Europol's European Cybercrime Centre, Kaspersky, and McAfee.

Mitigation Strategies

While the article does not include general information about mitigating ransomware attack risks, it is essential for organizations to implement robust cybersecurity measures to protect against such attacks. This includes regular software updates, employee training, and the use of antivirus software. In the event of a ransomware attack, organizations should have a well-defined incident response plan in place to minimize the impact and ensure a swift recovery.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.