Overnight, ransomware gang BlackSuit claimed the recent attack on London’s Charles Darwin School. It alleges to have stolen over 200GB of data which includes information on students and employees, as well as financial data. It has given the school until the end of today to pay up before the data is released.
On September 6, the school’s headteacher, Aston Smith, confirmed that the cyber incident was ‘worse than hoped’ and that it was in fact ransomware. As a result, the school was shut from September 9 to September 11. The school is expected to be without internet, emails, and access to other systems for three weeks.
In the letter, Smith also said:
There is the potential for all information held by the school to have been accessed. Our Data Protection Officer has reported the breach to the ICO (Information Commissioner’s Office) and is now conducting a full Data Impact Assessment. Information that is cloud based and with external providers have not been accessed, such as Parent Pay. We currently have a cybersecurity company completing a forensic investigation and until this in completed, we will not be able to provide any further details on the level of any data breach.
Unfortunately, as is the case in the majority of ransomware attacks, BlackSuit appears to have carried out a double-extortion attack by encrypting systems and stealing data. While the school continues its investigations into exactly what data has been stolen by the gang, we highly recommend that students, parents, and employees remain on high alert for any potential phishing emails, texts, and messages. It is also important to monitor accounts for any suspicious activity.
Who is BlackSuit?
BlackSuit first emerged in April 2023 and is a rebrand of the ransomware group, Royal. Since it first emerged as ‘BlackSuit’, we have logged 43 confirmed attacks via this group and 81 unconfirmed attacks.
It has recently been confirmed to be behind the attacks on US-based Young Consulting LLC in which 954,000 people were impacted and Japanese company KADOKAWA which affected over 254,000 people. It is also rumored to have received a $25 million ransom in its attack on car dealership technology provider, CDK Global.
BlackSuit is a private operation and doesn’t employ a ransomware-as-a-service business model.
Ransomware attacks on the education sector
Ransomware attacks on the education sector have the potential to cause widespread disruption both in system downtime and data theft. Our recent in-depth study into ransomware attacks on US education found that the average school loses $500,000 per day to downtime when hit by such an attack.
So far this year, we’ve noted 66 ransomware attacks on schools and colleges around the world with nearly 250,000 records impacted. This does appear to be a decline on last year’s figures of 183 attacks and 897,000 records affected. The average ransom across these attacks was $420,000.
However, we’ve also noted 91 unconfirmed attacks on the education sector this year so far–four of which are via BlackSuit.
About Charles Darwin School
Located in Biggin Hill, Kent, Charles Darwin School is home to around 1,320 secondary and sixth form students. The school is part of the Inicio Educational Trust which was formed in September 2023.