Charles Darwin School Hit by BlackSuit Ransomware Attack

Incident Date: September 11, 2024

Overview

Victim: Charles Darwin School

Attacker: BlackSuit

Location: Westerham, United Kingdom

First Reported: September 11, 2024

Ransomware Attack on Charles Darwin School by BlackSuit Group

Charles Darwin School, a comprehensive secondary school located in Biggin Hill, Westerham, Greater London, has recently fallen victim to a ransomware attack orchestrated by the BlackSuit ransomware group. The school, which operates under the Charles Darwin Academy Trust, is known for its commitment to providing an excellent educational experience, focusing on inclusivity and innovative teaching methods.

Overview of the Attack

On September 6, the school's headteacher, Aston Smith, confirmed that the institution had been targeted by a ransomware attack. The BlackSuit group claimed responsibility, alleging that they had stolen over 200GB of sensitive data, including information on students, employees, and financial records. The attackers have set a deadline for the end of the day, threatening to release the stolen data if their ransom demands are not met. As a result, the school was forced to close from September 9 to September 11 and is expected to operate without internet and access to other critical systems for up to three weeks.

About Charles Darwin School

Charles Darwin School employs between 201 and 500 staff members and generates around $6.5 million in annual revenue. The school stands out in the education sector for its comprehensive curriculum that emphasizes hands-on activities and field trips, particularly those related to Charles Darwin's theories on evolution and natural selection. The institution's dedication to fostering a love for learning through innovative teaching methods makes it a unique and engaging environment for students.

Vulnerabilities and Impact

The attack has highlighted several vulnerabilities within the school's cybersecurity infrastructure. The compromised data includes sensitive information on students and staff, which could have severe implications if released. The school has reported the breach to the Information Commissioner’s Office (ICO) and is conducting a full Data Impact Assessment with the help of a cybersecurity firm. Despite the severity of the attack, data stored with external providers, such as Parent Pay, remains secure.

About BlackSuit Ransomware Group

The BlackSuit ransomware group is known for its sophisticated attacks on various sectors, including education. The group typically gains initial access through compromised credentials and employs advanced techniques for data exfiltration and encryption. Their recent shift towards exfiltration-based extortion underscores the evolving threat landscape posed by such ransomware groups. The attack on Charles Darwin School is a stark reminder of the importance of cybersecurity measures in protecting sensitive data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.