LockBit 3.0 Ransomware Attack on EVW School District
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on EVW School District
Victim
Eden Valley-Watkins Independent School District #463
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on EVW School District by LockBit 3.0
Victim Profile
The Eden Valley-Watkins Independent School District #463, located in Eden Valley, Minnesota, is a public school district serving students in Eden Valley, Watkins, and surrounding areas. The district operates one elementary school and one secondary school, offering a wide range of educational programs and extracurricular activities to support student development.
Company Size and Industry Standing
The school district is a prominent educational institution known for its high standards and rigorous academic, arts, and athletic programs. The district's commitment to personalized learning opportunities, mental health programs, and community engagement sets it apart in the education sector.
Attack and Vulnerabilities
The LockBit 3.0 cybercrime group targeted the EVW School District in a ransomware attack, exfiltrating 19 GB of data, including invoices, financial records, and other documents. While no specific ransom demand was issued, the attackers leaked a sample of the exfiltrated data, highlighting the severity of the breach. The district's reliance on digital systems for administrative and educational purposes could have made it vulnerable to ransomware attacks like the one carried out by LockBit 3.0.
Ransomware Group Distinction
LockBit 3.0, also known as LockBit Black, is a sophisticated ransomware group that has evolved from previous iterations to become more modular, evasive, and dangerous. The group's use of obfuscation techniques, lateral movement capabilities, and Ransomware-as-a-Service model make it a significant threat to organizations across various industries, including education.
LockBit May Attacks
This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The recent activities of LockBit targeted diverse industries globally, with manufacturing companies, professional services, and the ICT sector being the most affected.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.