Ransomware Attack on Englewood Public School District by LockBit 3.0
Incident Date:
May 16, 2024
Overview
Title
Ransomware Attack on Englewood Public School District by LockBit 3.0
Victim
Englewood Public School District
Attacker
Lockbit3
Location
First Reported
May 16, 2024
Ransomware Attack on Englewood Public School District by LockBit 3.0
Victim Overview
The Englewood Public School District, located in Englewood, New Jersey, was targeted by the cybercrime group LockBit 3.0. The district operates in the education sector, providing education to students in the area.
Company Size and Standout
The size of the Englewood Public School District is significant, serving students in Englewood, New Jersey. The district is notable for its commitment to education and community engagement, offering various programs and services to support student learning and well-being.
Vulnerabilities
Being in the education sector, the Englewood Public School District may have been targeted by threat actors due to the sensitive nature of the data they hold, including student and staff information. Educational institutions are often seen as lucrative targets for ransomware attacks due to the valuable data they possess.
Attack Details
LockBit 3.0, a Ransomware-as-a-Service (RaaS) group, used ransomware to compromise the district's website. The attack likely involved encrypting files, modifying filenames, changing desktop wallpaper, and dropping a ransom note on the victim's desktop.
Ransomware Group Overview
LockBit 3.0 is an evolution of the LockBit ransomware group, known for its advanced and dangerous ransomware capabilities. The group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks.
Penetration Method
The ransomware group distinguishes itself by its advanced features, including the ability to move laterally through a network via group policy updates and delete traces of itself to cover its tracks. The ransomware group may have penetrated the Englewood Public School District's systems through phishing emails, unpatched software vulnerabilities, or weak security practices.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.