Ransomware Attack Disrupts Stratford School Academy Operations

Incident Date:

September 8, 2024

World map

Overview

Title

Ransomware Attack Disrupts Stratford School Academy Operations

Victim

Stratford School Academy

Attacker

Rhysida

Location

London, United Kingdom

, United Kingdom

First Reported

September 8, 2024

Ransomware Attack on Stratford School Academy by Rhysida

Stratford School Academy, a mixed, all-ability, and non-faith secondary school located in Forest Gate, London, has recently fallen victim to a ransomware attack orchestrated by the notorious Rhysida group. The attack was discovered on September 9, 2024, and has raised significant concerns about the security of educational institutions.

About Stratford School Academy

Stratford School Academy serves students aged 11 to 16, emphasizing academic excellence, personal development, and community involvement. The school is recognized for its academic achievements, being placed in the top 10% of schools nationally for student progress and achieving record GCSE results in recent years. The academy operates a house system for pastoral care and offers a wide range of extracurricular activities, including sports, arts, and academic clubs.

Vulnerabilities and Targeting

Educational institutions like Stratford School Academy are increasingly becoming targets for ransomware attacks due to their reliance on digital infrastructure and often limited cybersecurity resources. The school's commitment to providing a comprehensive educational experience makes it a repository of valuable data, including personal information of students and staff, which can be exploited by threat actors.

Attack Overview

The Rhysida ransomware group claimed responsibility for the attack via their dark web leak site. While the exact size of the data leak has not been disclosed, the attack has undoubtedly disrupted the school's operations. Rhysida's double extortion tactics involve not only encrypting data but also threatening to leak sensitive information unless a ransom is paid.

About Rhysida Ransomware Group

Rhysida emerged in May 2023 and operates as a Ransomware-as-a-Service (RaaS). The group is known for its sophisticated attacks and double extortion tactics, targeting various sectors, including education. Rhysida typically gains entry through compromised credentials, phishing campaigns, or exploiting vulnerabilities. Once inside, they encrypt files using advanced algorithms and threaten to publish stolen data on the dark web.

Penetration Methods

Rhysida likely penetrated Stratford School Academy's systems through compromised credentials or phishing attacks. The group is adept at using valid VPN and Remote Desktop Protocol (RDP) credentials for lateral movement within networks. Their encryption methods involve a combination of 4096-bit RSA and ChaCha20 algorithms, making it challenging for victims to recover data without paying the ransom.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.