Ransomware Attack on Troy Area School District by LockBit Raises Security Concerns

Overview

Incident Date: July 19, 2024

Victim: Troy Area School District

Attacker: Lockbit3

Location: Troy, Pennsylvania, USA

First Reported: July 19, 2024

Ransomware Attack on Troy Area School District by LockBit

Overview of the Victim

The Troy Area School District, located in Troy, Pennsylvania, serves students from kindergarten through 12th grade. The district is dedicated to providing a comprehensive educational experience, focusing on both academic achievement and personal development. With an annual revenue of approximately $18.7 million, the district employs between 201 and 500 individuals. The district is known for its commitment to community involvement and educational excellence, offering a variety of programs to support diverse student needs.

Details of the Attack

On July 19, 2024, the Troy Area School District was targeted by the ransomware group LockBit. The attack was discovered on the district's domain, troyareasd.org. While the exact size of the data leak remains unknown, the incident has raised significant concerns about the security of sensitive information within the school district. LockBit is known for its sophisticated attacks, employing "double extortion" tactics in which sensitive data is exfiltrated and the group threatens to release it publicly if the ransom is not paid.

About LockBit

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group is known for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Penetration and Impact

LockBit distinguishes itself by keeping its payload encrypted until execution, which hinders malware analysis and detection. The group typically demands payment in Bitcoin, with ransoms ranging from several thousand to several hundred thousand dollars. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The attack on the Troy Area School District underscores the growing threat of cyberattacks on educational institutions, which often have vulnerabilities such as outdated software and insufficient cybersecurity measures.
