Cressex Community School Hit by RansomHouse Ransomware Attack

Overview of the Attack

On March 22, 2024, Cressex Community School, a secondary school located in High Wycombe, Buckinghamshire, suffered a significant ransomware attack. The notorious data extortion group RansomHouse claimed responsibility, posting evidence of the breach on their dark web leak site. Approximately 300GB of data was compromised, significantly impacting the school's IT systems.

About Cressex Community School

Cressex Community School is known for its commitment to high educational achievement and fostering positive attitudes towards learning. The school has around 762 students with a student-teacher ratio of 17:1. It has been rated "Good" by Ofsted in various categories, including leadership, management, and the quality of teaching. Although it does not generate revenue, it is a publicly funded institution dedicated to providing quality education under the guidance of the local authority and the UK government.

Details of the Attack

The ransomware attack by RansomHouse led to the encryption of critical data on March 25, 2024. Despite the severity of the attack, the school managed to continue operations without interruption, thanks to its Cyber Response Plan. The incident was promptly reported to the Information Commissioner’s Office (ICO) and is currently under investigation by relevant authorities.

The attackers posted evidence of the breach, which attracted significant attention online, although a full data dump has not yet been made available. The school's data, including sensitive information, is being held ransom, with the exact demands and negotiation details yet to be disclosed publicly.

About RansomHouse

RansomHouse is a data extortion group that differentiates itself by not encrypting files but rather exfiltrating sensitive data and threatening to release it unless a ransom is paid. Emerging in late 2021, the group claims to be "professional mediators" shining a light on companies with inadequate security measures. They have been linked to other ransomware groups such as White Rabbit and Hive and are known for using Tor-based communication methods and accepting ransom payments in Bitcoin.

RansomHouse’s approach involves a deep infiltration into the target's network to exfiltrate data stealthily. This method allows them to maintain a presence in the victim’s system for extended periods before detection, increasing the potential impact of their attacks.

Impact and Response

The attack on Cressex Community School highlights the vulnerabilities educational institutions face in the current cybersecurity landscape. Despite its public funding and educational focus, the school's substantial data holdings made it an attractive target for cybercriminals. The school's proactive response and the community's resilience have been crucial in managing the crisis and mitigating further damage.

The ongoing investigation and collaboration with cybersecurity specialists aim to enhance the school's defenses against future attacks. The incident underscores the importance of robust cybersecurity measures and the need for constant vigilance against evolving threats.

Sources

• High Wycombe Cressex Community School hit by cyber attack - Bucks Free Press
• High Wycombe school hit by cyber attack - Yahoo News UK
• RansomHouse Ransomware Victim: Cressex Community School - RedPacket Security
• Detected: Cressex Community School falls victim to the RansomHouse Ransomware - Marco Ramilli