KillSec Ransomware Attack Exposes Sensitive Data on School Rush Platform

Incident Date: August 22, 2024

Overview

Victim: School Rush
Attacker: KillSec
Location: Southlake, USA; Texas, USA
First Reported: August 22, 2024

Ransomware Attack on School Rush by KillSec

School Rush, a prominent platform in the education sector, has recently fallen victim to a ransomware attack orchestrated by the notorious group KillSec. This incident has raised significant concerns about the security of sensitive information within educational institutions.

About School Rush

School Rush is a comprehensive school communications platform designed to enhance interactions between schools, parents, and students. The platform primarily functions as a mobile application that integrates various communication tools, making it easier for educational institutions to manage and disseminate information effectively. School Rush syncs with a school's Student Information System (SIS) through Clever.com, allowing for real-time updates of class rosters, staff, and parent contact information.

Attack Overview

The ransomware group KillSec has claimed responsibility for the attack on School Rush via their dark web leak site. The attackers have managed to obtain a full database dump containing sensitive information, including the first and last names, email addresses, home and cell phone numbers, relationships, and Student SIS numbers of both students and parents. KillSec has threatened to make this data publicly available if their demands are not met, putting the privacy and security of numerous families at risk.

About KillSec

KillSec, also known as Kill Security, is a ransomware group known for targeting various industries and countries. The group has been active in sectors such as government, manufacturing, defense, professional services, banking, and education. KillSec uses a variety of communication channels, including Telegram and TOR, and demands ransom payments in Monero (XMR) cryptocurrency. The group is tracked by various cybersecurity platforms, including ID Ransomware and Ransom-DB.

Vulnerabilities and Penetration

School Rush's reliance on real-time synchronization with SIS through Clever.com may have presented vulnerabilities that KillSec exploited. The platform's extensive database of sensitive information, including student and parent contact details, made it an attractive target for ransomware attacks. The exact method of penetration remains unclear, but it is likely that KillSec used sophisticated phishing attacks or exploited unpatched software vulnerabilities to gain access to School Rush's systems.

Impact on School Rush

The attack on School Rush has significant implications for the privacy and security of the families using the platform. The potential public release of sensitive information could lead to identity theft, financial loss, and other forms of cybercrime. This incident underscores the importance of stringent cybersecurity measures in protecting educational institutions and their stakeholders.
