Ransomware gang RansomHub today claimed responsibility for a cyber attack on Interboro Schools last month. The Pennsylvania school district confirmed it was the victim of a ransomware attack on October 28, 2024, and cancelled classes the following day due to network issues.
In a post on its leak site, RansomHub says it stole 1.1 TB of data from the school district. Interboro officials have not verified RansomHub’s claim.
“Interboro School District recently identified unusual network activity that is impacting the functionality of some of our IT systems,” the district said in a statement. “The district immediately initiated its incident response plan, involving a team of IT specialists to assess the status of our technology systems. We are also undertaking a thorough investigation to understand the nature and scope of the disruption.”
We do not yet know whether any personal data was compromised in the attack, if the school paid a ransom, how much RansomHub demanded, or how attackers breached Interboro’s network. Comparitech contacted district officials for comment and will update this article if they respond.
RansomHub set a deadline on November 29, 2024 for the school to pay the ransom. If not, RansomHub might publish or sell stolen info and withhold keys to restore school systems.
Who is RansomHub?
RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.
RansomHub claimed 70 confirmed and 370 unconfirmed attacks since it began posting claims in February this year. Its pace has quickened recently, claiming 66 attacks so far just in November. Confirmed RansomHub attacks have compromised nearly 5.4 million records.
Other recently-confirmed claims by RansomHub include attacks on medical tech company PracticeSuite, the Mexican government, Hellenic Open University, Cape Cod Academy, a government office in Romania, and Grupo Aeroportuario Centro Norte in Mexico.
Ransomware attacks on US education
Ransomware attacks can both steal data from and lock down a school’s computer systems by infecting them with malware. The school must then pay a ransom for a key to unlock the computer systems, and so the attacker will agree to not sell or publish the stolen data.
Ransomware can disrupt systems used for assignments, grades, communications with teachers and staff, billing, payroll, and more. Schools often have to resort to pen and paper until systems are restored, and some even cancel classes in the wake of ransomware attacks. If a school refuses to pay, restoration can take weeks or even months, and students and staff whose data was compromised are put at greater risk of identity theft.
Comparitech researchers logged 55 confirmed ransomware attacks on US schools, universities, and other educational institutions so far in 2024, affecting 263,000 records. The average ransom is about $500,000.
Ransomware attacks have hit Abilene Independent School District (Cloak), Bartow County School System (Chort), Marysville Schools (BlackSuit), and Winnebago Public Schools (Interlock).
About Interboro School District
Interboro School District is a pre-K through 12th-grade public school district in the suburbs of Philadelphia, Pennsylvania. It consists of six schools including Interboro High School, Glenholden School, Norwood School, Prospect Park School, and Tinicum School. The district enrolls about 3,300 students, according to external sources.
