Ransomware gang says it hacked Georgia school district

Ransomware group RansomHub yesterday claimed responsibility for a cyber attack on Marietta City Schools near Atlanta, Georgia.

Marietta Schools on December 4, 2024 announced it was experiencing a network outage following unauthorized access to the schools’ computer systems.

RansomHub says it stole 500 GB of data from the district and gave it one week to pay an undisclosed amount of ransom.

RansomHub claims attack on Marietta Schools on its leak site.
RansomHub claims attack on Marietta Schools on its leak site.

The school district did not verify RansomHub’s claim. We do not know what information might have been compromised, whether the school did or will pay a ransom, or how attackers breached the district’s network. Comparitech contacted Marietta City Schools for comment and will update this article if it responds.

Who is RansomHub?

RansomHub runs on a ransomware-as-a-service model in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.

RansomHub claimed 78 confirmed ransomware attacks since it began listing victims in February 2024. Those attacks compromised 5.4 million records.

RansomHub this week also claimed attacks on Italian football club Bologna FC, and is rumored to be behind an attack on Wirral University Teaching Hospital NHS Trust in the UK. The latter disrupted hospital systems for more than a week.

Ransomware attacks on US education

Ransomware attacks can both steal data from and lock down a school’s computer systems by infecting them with malware. The school or district must then pay a ransom for a key to unlock the computer systems, and for the attacker to agree to not sell or publish the stolen data.

Ransomware can disrupt systems used for assignments, grades, communications with teachers and staff, billing, payroll, and more. Schools often have to resort to pen and paper until systems are restored, and some even cancel classes in the wake of ransomware attacks. If a school refuses to pay, restoration can take weeks or even months, and students and staff whose data was compromised are put at greater risk of identity theft.

Comparitech researchers logged 62 confirmed ransomware attacks on US schools, universities, and other educational institutions in 2024 so far. The average ransom demand is $720,000.

RansomHub has been behind multiple attacks on schools including Effingham County Schools, Charleston County School District, Cincinnati Public Schools, Cape Cod Academy, and Interboro School District. The group also claimed a still-unconfirmed attack on Crystal Lake Elementary District 47.

About Marietta City Schools

Marietta City Schools consists of one high school, one middle school, a sixth-grade academy, and eight elementary schools in the Atlanta, Georgia suburb. In total, the district enrolls about 8,600 students, according to external sources.