Ransomware Attack on Maryville Academy Exposes Vulnerabilities

Incident Date: August 5, 2024


Overview

Title: Ransomware Attack on Maryville Academy Exposes Vulnerabilities

Victim: Maryville Academy

Attacker: Rhysida

Location: Des Plaines, USA; Illinois, USA

First Reported: August 5, 2024

Ransomware Attack on Maryville Academy by Rhysida

Maryville Academy, a non-profit organization based in Des Plaines, Illinois, has recently fallen victim to a ransomware attack orchestrated by the Rhysida Ransomware Group. The attack was discovered on August 5, 2024, and has raised significant concerns about the security of organizations dedicated to vulnerable populations.

About Maryville Academy

Maryville Academy has been a cornerstone in the Chicago area since its founding in 1883. Originally established as an orphanage, the organization has evolved to provide a wide range of services aimed at protecting children and strengthening families. These services include educational programs, family support, healthcare, and residential care. The organization employs approximately 300 staff members and operates multiple facilities across Illinois, serving thousands of children and families annually.

Maryville Academy stands out for its comprehensive approach to child welfare, focusing on intellectual, spiritual, moral, and emotional growth. The organization is accredited by the Council on Accreditation (COA) and employs a trauma-informed care model to address the root causes of trauma.

Details of the Attack

The Rhysida Ransomware Group, a relatively new but increasingly notorious player in the cybercrime arena, claimed responsibility for the attack on Maryville Academy via their dark web leak site. The exact size of the data leak remains unknown, but the incident underscores the growing threat of cyberattacks on organizations dedicated to vulnerable populations.

Rhysida ransomware is known for its sophisticated techniques, including the use of the ChaCha20 encryption algorithm and double extortion tactics. The group typically deploys ransomware through phishing campaigns and leverages valid credentials to establish network connections. Once inside a network, Rhysida uses tools like PsExec for lateral movement and encrypts files, appending the ".rhysida" extension.
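A defender can correlate the two host-level traces named above, a PsExec service install and a burst of files gaining the ".rhysida" extension. The sketch below is an added example, not code from the original page or from any vendor; the event tuple layout, the 10-minute window and the three-file threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not data from the incident): time, host, kind, detail.
# "service_install" stands for a Windows service-creation record (PsExec registers
# a service named PSEXESVC on the target); "file_create" for a file-creation record.
EVENTS = [
    ("2024-01-01T02:10:00", "FS01", "service_install", "PSEXESVC"),
    ("2024-01-01T02:11:05", "FS01", "file_create", r"D:\cases\intake.docx.rhysida"),
    ("2024-01-01T02:11:07", "FS01", "file_create", r"D:\cases\notes.xlsx.rhysida"),
    ("2024-01-01T02:11:09", "FS01", "file_create", r"D:\cases\plan.pdf.rhysida"),
    ("2024-01-01T09:00:00", "WS07", "service_install", "PSEXESVC"),
    ("2024-01-01T03:00:00", "WS12", "file_create", r"C:\tmp\sample.rhysida"),
    ("2024-01-01T03:00:01", "WS12", "file_create", r"C:\tmp\about.rhysida.txt"),
    ("2024-01-01T04:00:00", "DB02", "file_create", r"E:\db\a.bak.RHYSIDA"),
    ("2024-01-01T04:02:00", "DB02", "file_create", r"E:\db\b.bak.RHYSIDA"),
    ("2024-01-01T04:04:00", "DB02", "file_create", r"E:\db\c.bak.RHYSIDA"),
]

def first_burst(times, window, min_files):
    """Start time of the first run of min_files creations inside window, else None."""
    times = sorted(times)
    for i in range(len(times) - min_files + 1):
        if times[i + min_files - 1] - times[i] <= window:
            return times[i]
    return None

def triage(events, window=timedelta(minutes=10), min_files=3):
    """Map each host to a finding; hosts with nothing notable are omitted."""
    renamed, installs = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in events:
        when = datetime.fromisoformat(ts)
        if kind == "file_create" and detail.lower().endswith(".rhysida"):
            renamed[host].append(when)
        elif kind == "service_install" and detail.upper() == "PSEXESVC":
            installs[host].append(when)
    findings = {}
    for host in set(renamed) | set(installs):
        start = first_burst(renamed[host], window, min_files)
        if start is None:
            if installs[host]:
                findings[host] = "psexec-only"  # may be routine admin use; review
            continue
        preceded = any(timedelta(0) <= start - t <= window for t in installs[host])
        findings[host] = "encryption+psexec" if preceded else "encryption"
    return findings

if __name__ == "__main__": print(triage(EVENTS))
```

A single ".rhysida" file (WS12) stays below the threshold, and a PsExec install with no rename burst (WS07) is reported separately so routine administration is not scored as encryption.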

Vulnerabilities and Impact

Maryville Academy's extensive use of digital systems for managing sensitive information about children and families makes it a prime target for ransomware attacks. The organization's reliance on government contracts and private donations also means that any disruption can have severe financial and operational consequences. The attack on Maryville Academy highlights the urgent need for enhanced cybersecurity measures in organizations that serve vulnerable populations.

About Rhysida Ransomware Group

First sighted in May 2023, the Rhysida Ransomware Group has quickly gained notoriety for its attacks on various sectors, including education, healthcare, and government. The group employs a double extortion strategy, stealing data before encrypting it and threatening to publish the data unless a ransom is paid. Rhysida's ransomware is a 64-bit Portable Executable (PE) Windows application, and the group exclusively accepts Bitcoin payments.
