Ransomware Attack Disrupts Stratford School Academy Operations
Incident Date:
September 8, 2024
Overview
Title
Ransomware Attack Disrupts Stratford School Academy Operations
Victim
Stratford School Academy
Attacker
Rhysida
Location
First Reported
September 8, 2024
Ransomware Attack on Stratford School Academy by Rhysida
Stratford School Academy, a mixed, all-ability, and non-faith secondary school located in Forest Gate, London, has recently fallen victim to a ransomware attack orchestrated by the notorious Rhysida group. The attack was discovered on September 9, 2024, and has raised significant concerns about the security of educational institutions.
About Stratford School Academy
Stratford School Academy serves students aged 11 to 16, emphasizing academic excellence, personal development, and community involvement. The school is recognized for its academic achievements, being placed in the top 10% of schools nationally for student progress and achieving record GCSE results in recent years. The academy operates a house system for pastoral care and offers a wide range of extracurricular activities, including sports, arts, and academic clubs.
Vulnerabilities and Targeting
Educational institutions like Stratford School Academy are increasingly becoming targets for ransomware attacks due to their reliance on digital infrastructure and often limited cybersecurity resources. The school's commitment to providing a comprehensive educational experience makes it a repository of valuable data, including personal information of students and staff, which can be exploited by threat actors.
Attack Overview
The Rhysida ransomware group claimed responsibility for the attack via their dark web leak site. While the exact size of the data leak has not been disclosed, the attack has undoubtedly disrupted the school's operations. Rhysida's double extortion tactics involve not only encrypting data but also threatening to leak sensitive information unless a ransom is paid.
About Rhysida Ransomware Group
Rhysida emerged in May 2023 and operates as a Ransomware-as-a-Service (RaaS). The group is known for its sophisticated attacks and double extortion tactics, targeting various sectors, including education. Rhysida typically gains entry through compromised credentials, phishing campaigns, or exploiting vulnerabilities. Once inside, they encrypt files using advanced algorithms and threaten to publish stolen data on the dark web.
Penetration Methods
Rhysida likely penetrated Stratford School Academy's systems through compromised credentials or phishing attacks. The group is adept at using valid VPN and Remote Desktop Protocol (RDP) credentials for lateral movement within networks. Their encryption methods involve a combination of 4096-bit RSA and ChaCha20 algorithms, making it challenging for victims to recover data without paying the ransom.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.