hiveleak attacks Wootton Upper School

Incident Date:

August 18, 2022

World map



hiveleak attacks Wootton Upper School


Wootton Upper School




Hall End Rd, United Kingdom

Bedford MK HT, United Kingdom

First Reported

August 18, 2022

Wootton Upper School Targeted by Hive Ransomware Group

Victim Profile

Wootton Upper School is part of the Wootton Academy Trust, which operates in the education sector. The school's website provides information about the school's mission, values, and facilities. The school is known for its commitment to providing a high-quality education and fostering a supportive learning environment.

Vulnerabilities and Impact

The Hive ransomware group claimed to have breached the Trust's network several weeks ago and obtained sensitive data, including home addresses, bank details, medical records, and students' psychological reviews. The group threatened to release this data if the Trust did not pay the ransom. The attack disrupted the school's operations, affecting scheduling for next year and the production of some grade sheets.

The Trust has reported the incident to the Information Commissioner's Office and the police. The school's executive principal, Michael Gleeson, has confirmed the attack and is working with specialist third-party experts to rebuild the IT system. The Trust has also engaged its insurer to assist with minimizing disruption.

Hive Ransomware Group

Hive is a Russian-speaking ransomware-as-a-service gang that has been active since June 2021. The group has targeted over 350 victims, including organizations in the private and public sectors. Hive is known for its aggressive tactics and has been particularly active in the healthcare sector. The group has reportedly demanded large ransoms, such as $50m in Bitcoin from European consumer electronics retailer MediaMarkt.

The Hive ransomware group's attack on Wootton Upper School highlights the increasing threat of cybercrime in the education sector. Despite the disruption caused by the attack, the school is taking steps to rebuild its IT system and investigate the extent of the data breach. The incident serves as a reminder for schools and educational institutions to prioritize cybersecurity measures to protect sensitive data and mitigate the risks of ransomware attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.