Ransomware group Medusa yesterday claimed responsibility for a cyber attack on Providence, Rhode Island public schools that began last week. Medusa is demanding $1 million in ransom and says it stole 201 GB of data.

Providence Public Schools on Wednesday began notifying staff and students that it was experiencing technical difficulties and shut down internet access on campus. Teachers and students resorted to pen and paper in classrooms. The district instructed teachers to refrain from connecting personal devices to the school network and school devices to home and mobile networks. Microsoft 365 also experienced issues, and printing documents was impacted.

The school’s alert states, “PPSD is currently experiencing technical difficulties across some of our networks impacting internet access. IT is working diligently to resolve these issues. Out of an abundance of caution, please refrain from connecting your PPSD computers & devices to your home network & mobile devices.”

Providence Public Schools has not stated that the IT difficulties are the result of a cyber attack, nor has it verified Medusa’s claim. Medusa has not stated what the allegedly stolen data contains. We do not yet know whether the district paid a ransom or how attackers breached its network. Comparitech contacted the district for comment and will update this article if it responds.

Who is Medusa?

Medusa first surfaced in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay twice: once to decrypt their systems, and once to keep the stolen data from being sold or published.

Medusa has claimed 43 confirmed ransomware attacks so far in 2024, affecting 51,886 records. The group is set to surpass its figures for 2023, when it claimed 43 attacks affecting 194,300 records. Medusa’s average ransom is $667,907 in 2024 and was $821,310 in 2023.

Comparitech logged another 107 ransomware attacks claimed by Medusa but not confirmed by victims.

Providence is far from the first school attacked by Medusa. The group has launched successful attacks against Traverse City Area Public Schools (MI), Lee University (TN), Hinsdale School District (NH), Campbell County School District (KY), Glendale Unified School District (CA), Hopewell Area School District (PA), Great Valley School District (PA), Ada Borup-West School District (MN), Emerson Public School District (NJ), St. Landry Parish School Board (LA), Salem Community Schools (IN), Uniondale Union Free School District (NY), Bishop Luffa School (UK), Open University of Cyprus, Institute of Space Technology (Pakistan), and Minneapolis Public Schools (MN).

Ransomware attacks on US education

Ransomware attacks on schools and other education facilities can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Ransomware attacks are often two-pronged: they lock down systems and steal data.

In 2024 so far, Comparitech researchers recorded 36 attacks on targets in the education sector, affecting 241,502 records. This is significantly less than in 2023, which saw 212 attacks and nearly 2.7 million records affected. The average ransom for schools in 2024 is $1.3 million.

Other recent attacks on schools include those on Charleston County School District (RansomHub), Gadsden Independent School District (unknown attacker), and West Allis West Milwaukee School District (Fog).

Another 56 ransomware attacks on US education were claimed but not confirmed by targets.

About Providence Public Schools

The Providence Public School District is composed of 37 schools, grades K-12, plus two charter schools in Providence, Rhode Island. It employs more than 1,800 teachers, 800 other staff, and serves roughly 20,000 students.