Harris Federation is not the only school academy trust hit by ransomware recently. Also hit in March was the Castle School Education Trust (CSET). As reported by Bristol Live, that attack affected not only CSET’s seven schools but 17 others maintained by the local authority who relied on the academy group’s IT infrastructure.
While no ransom was reportedly paid in either case, DataBreaches.net observed that there had been ransom price negotiations between Harris Federation and REvil. Harris’s negotiator stopped responding 8 days ago, when the ransom demand was still at $1.5 million. After waiting a few more days, REvil started dumping data. That dump three days ago did not bring Harris back to negotiations.
It is not known at this point whether it was REvil who attacked the Castle School Education Trust. Castle is not listed on their leak site, but not all victims are listed if the threat actors are negotiating or still hoping for a payout. But REvil may not be involved at all, and REvil is certainly not the only group that attacks the education sector.
But with so many education trusts and schools falling prey to ransomware attacks, what is the education sector doing to harden its security?