Blacksuit Ransomware Strikes Edwood Schools, Disrupting Operations and Data Integrity
Incident Date: June 25, 2024
Overview
Title: Blacksuit Ransomware Strikes Edwood Schools, Disrupting Operations and Data Integrity
Victim: Edwood Schools
Attacker: Black Suit
Location:
First Reported: June 25, 2024
Blacksuit Ransomware Group Targets Edwood Schools
Overview of Edwood Schools
Edwood Schools, part of the Richland-Bean Blossom Community School Corporation (RBBCSC), is located in Ellettsville, Indiana. Serving a diverse student population across elementary, middle, and high school levels, the institution is committed to fostering intellectual, social, and emotional development through a comprehensive curriculum and various extracurricular activities. With a mission of "Caring. Daring. Preparing.", Edwood Schools aims to empower learners to reach their fullest potential. The district employs between 51 and 100 people and has an annual revenue of $1M-$5M. Known for its commitment to student well-being, the school provides support services such as counseling, special education, and health services.
Details of the Ransomware Attack
Recently, Edwood Schools became a victim of a ransomware attack by the Blacksuit ransomware group. Blacksuit publicly claimed responsibility on their dark web leak site, listing Edwood Schools as a victim. The group encrypted critical data, appending the .blacksuit extension to affected files, and left a ransom note named README.BlackSuit.txt in each compromised directory. The note directed victims to a Tor chat site for further communication. While the exact ransom demand and deadline remain undisclosed, the attack has significantly impacted the school's operations and data integrity, given the sensitive nature of the information handled by educational institutions.
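For responders scoping an incident like this one, the two file-system indicators named above (the .blacksuit extension and the README.BlackSuit.txt note) can be swept for directly. The following is an added example, not code from the original report; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicators as stated in the incident description above.
ENCRYPTED_SUFFIX = ".blacksuit"
RANSOM_NOTE = "readme.blacksuit.txt"


def scan_tree(root):
    """Return {directory: {"note": bool, "encrypted": [names]}} for each
    directory under root that holds a ransom note or encrypted files."""
    hits = {}
    for dirpath, _dirs, filenames in os.walk(root):
        lowered = [(n, n.lower()) for n in filenames]  # match case-insensitively
        note = any(low == RANSOM_NOTE for _, low in lowered)
        encrypted = sorted(n for n, low in lowered if low.endswith(ENCRYPTED_SUFFIX))
        if note or encrypted:
            hits[dirpath] = {"note": note, "encrypted": encrypted}
    return hits


def summarize(hits):
    """Reduce scan results to counts useful for scoping the incident."""
    return {
        "affected_dirs": len(hits),
        "dirs_with_note": sum(1 for h in hits.values() if h["note"]),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        # Encrypted files but no note differs from the described behaviour; review.
        "dirs_missing_note": sorted(d for d, h in hits.items() if h["encrypted"] and not h["note"]),
    }


def build_sample_tree(base):
    """Create a constructed sample tree of empty files (not real data)."""
    for rel in (
        "grades/report.xlsx.blacksuit",
        "grades/README.BlackSuit.txt",
        "hr/payroll.csv.BLACKSUIT",
        "public/menu.pdf",
    ):
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(summarize(scan_tree(tmp)))
```

Run against a mounted share or a forensic image rather than the constructed tree, the per-directory results give a quick map of which locations were reached.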
About the Blacksuit Ransomware Group
Blacksuit is a new ransomware family that emerged in 2023, closely related to the notorious Royal ransomware group. Experts have noted significant similarities in code and functionality between the two. Blacksuit targets both Windows and Linux systems, including VMware ESXi servers, making it a versatile and potent threat. Researchers suggest that Blacksuit could be a new variant developed by the same authors as Royal, a copycat using similar code, or an affiliate of the Royal ransomware gang. The emergence of Blacksuit indicates that the threat actors behind Royal may have inspired other cybercriminals to develop similar ransomware families.
Potential Vulnerabilities and Attack Vectors
Educational institutions like Edwood Schools are often targeted by ransomware groups due to several vulnerabilities, including outdated software, insufficient cybersecurity measures, and the high value of the data they hold. Schools manage a vast amount of sensitive information, making them lucrative targets for cybercriminals. In the case of Edwood Schools, the attack could have been facilitated by exploiting vulnerabilities in their IT infrastructure, such as unpatched software, weak passwords, or phishing attacks. The ransomware group may have gained initial access through compromised credentials or by exploiting known vulnerabilities in the school's network.