Medusa Ransomware Hits Providence Public School Department
Incident Date:
September 18, 2024
Overview
Title
Medusa Ransomware Hits Providence Public School Department
Victim
Providence Public School Department
Attacker
Medusa
Location
First Reported
September 18, 2024
Medusa Ransomware Attack on Providence Public School Department
The Providence Public School Department (PPSD), a significant urban school district in Providence, Rhode Island, has become the latest victim of a ransomware attack by the notorious Medusa group. The attackers claim to have exfiltrated 201.40 GB of sensitive data, including financial information, correspondence, and personally identifiable information (PII) of students and teachers. The ransom demand stands at $1,000,000, with a deadline set for September 25, 2024.
About Providence Public School Department
Established in 1977, PPSD serves approximately 21,700 students across 43 schools, including 21 elementary schools, seven middle schools, nine high schools, and two charter schools. The district employs around 3,600 professionals, including 1,895 teachers and 855 support staff. PPSD is recognized for its diverse student body, with significant representation from Latinx (69%) and Black (14%) communities. The district's commitment to inclusivity is evident, with around 40% of students being multilingual learners and 18% receiving special education services.
Attack Overview
The Medusa ransomware group has claimed responsibility for the attack on PPSD via their dark web leak site. The group has threatened to publish the stolen data within 8-9 days if their demands are not met. This attack has significant implications for the district, potentially exposing sensitive information of students and staff, and disrupting the educational services provided by PPSD.
About Medusa Ransomware Group
Medusa is a ransomware group that emerged in late 2022 and operates as a Ransomware-as-a-Service (RaaS) platform. The group has been involved in various high-profile attacks across multiple sectors globally. Medusa's ransomware is designed to kill numerous applications and services to prevent detection and mitigation, and it disables shadow copies to thwart recovery efforts. The group often demands substantial ransoms, with recent demands ranging from hundreds of thousands to millions of dollars.
Potential Vulnerabilities
Educational institutions like PPSD are often targeted by ransomware groups due to their extensive databases of sensitive information and sometimes limited cybersecurity resources. The attack on PPSD highlights the vulnerabilities in the education sector, where the need for advanced cybersecurity measures is critical to protect against such sophisticated threats.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.