cybernews.com
2606:4700:3108::ac42:2bc5  Public Scan

URL: https://cybernews.com/news/georgia-county-school-district-hit-by-ransom-gang/
Submission: On December 12 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET /search/

<form class="header__search-form" action="/search/" method="get" data-js-search-mobile="">
  <input class="header__search-form-input" placeholder="Search..." type="search" data-js-search-input-mobile="">
  <button type="submit" class="header__search-form-button" title="Search">
    <svg class="svg-icon header__search-form-button-icon" width="22" height="22">
      <use xlink:href="#mdi-magnify"></use>
    </svg>
  </button>
</form>

POST /api/add-comment/

<form id="comment-form" class="space space_size_n text text_size_small" action="/api/add-comment/" method="POST">
  <label for="comment-form-text">
    <strong class="form-label form-label_required">Comment</strong>
    <textarea id="comment-form-text" name="comment" required="" cols="45" rows="8" class="form-input space space_size_s" minlength="3"></textarea>
  </label>
  <div class="space space_size_n">
    <div class="cells cells_responsive">
      <label class="cells__item cells__item_width cells__item_width_2" for="comment-form-name">
        <strong class="form-label form-label_required">Name</strong>
        <input id="comment-form-name" type="text" name="name" required="" class="form-input space space_size_s" minlength="3">
      </label>
      <label class="cells__item cells__item_width cells__item_width_2" for="comment-form-email">
        <strong class="form-label form-label_required">Email</strong>
        <input id="comment-form-email" type="email" name="email" required="" class="form-input space space_size_s" minlength="3">
      </label>
    </div>
    <label class="space space_size_n display_block" for="privacy_policy">
      <strong class="form-label form-label_required">Privacy Policy Agreement</strong>
      <span class="space space_size_s content display_block">
        <input id="privacy_policy" name="privacy_policy" required="" type="checkbox"> &nbsp; I agree to the <a class="link" href="https://cybernews.com/terms-conditions/" target="_blank" rel="noreferrer">
Terms &amp; Conditions
</a> and <a href="https://cybernews.com/privacy-policy/" target="_blank" rel="noreferrer">
Privacy Policsy
</a>. </span>
    </label>
  </div>
  <div class="space space_size_l">
    <button class="button" type="submit"> Post comment </button>
  </div>
</form>

Text Content

© 2023 CyberNews- Latest tech news,
product reviews, and analyses.



GEORGIA COUNTY SCHOOL DISTRICT CLAIMED BY BLACKSUIT RANSOM GANG

Updated on: 11 December 2023
 * Stefanie Schappert
   Senior journalist

--------------------------------------------------------------------------------

Image by Lee Reese | Shutterstock


The Royal ransomware gang rebrands and lays claim to an early November
cyberattack still disrupting the Henry County School system in Central Georgia.

The week of November 6th, 2023, Henry County Schools (HCS) said it became aware
of suspicious activity impacting its network operations.

On November 9th, HCS officials revealed “an unauthorized user had gained access
to a certain environment on our network.”



On the advice of law enforcement and cyber experts, the school was forced to
restrict access to its network, completely shutting down internet access across
the entire school district, including for both students and administrative
offices.

Online classes and some phone services were also disrupted, HCS said.

The public county school system encompasses over 50 schools, including
elementary, middle, and high schools, serving over 42,000 students, 4,000
faculty, and more than 2,500 teachers.

Vital services such as school bus transport, lunch service, intercom,
fire alarms, and buzzer entrance/access control had remained operational.

Monday, the Royal ransomware group, now rebranded as BlackSuit, posted the
school on its victim leak site.

BlackSuit leak site, Image by Cybernews.

It's not clear why the gang chose to claim the school now, but since the attack,
the Henry County Schools Superintendent Mary Elizabeth Davis has been posting
videos on the HCS website regularly with updates.

In the last update, dated November 30th, Davis said authorities had verified
over the Thanksgiving break that the suspicious activity was “a ransomware
attack initiated by a group of criminals operating outside of the United
States.”



The BlackSuit gang also provided a download link to a 135GB ZIP Archive file
labeled “henry.k12.ga.us.zip,” but no sample files were posted.

BlackSuit leak site, Image by Cybernews.

Davis said that the HCS student information systems, financial and HR systems,
as well as email systems, remain “secure and clean,” but that a file storage
area containing mostly historical and procedural documents was compromised.

External data mining teams will be brought in to determine what else may have
been accessed, she said, adding that “if any personally identifiable information
is found compromised,” those persons will be notified.

The school continues to restore more services, including access to student
Chromebooks, and plans to undergo a district-wide password reset this
coming week.

Besides cybersecurity experts, the FBI, Department of Homeland Security, and
Georgia Emergency Management Agency were also brought in to investigate, the
school said.

BLACKSUIT AND ITS ROYAL PAST

The BlackSuit ransomware group – as of this November, formerly known as Royal –
has a sordid past linked to a bevy of other ransomware gangs.

Royal broke on the ransom scene sometime in 2022 and, in certain months,
outpaced the number of attacks by more infamous ransom outfits such as LockBit,
BlackCat, and Vice Society.

A Cybersecurity and Infrastructure Security Agency (CISA) advisory about the
group released in March said Royal ransom demands can range from approximately
$1 million to $11 million in Bitcoin.



The group is said to be made up of a hodgepodge of former threat actors from
other Russian-linked cyber gangs, including the Conti group, and, before creating
their own Royal ransomware, would utilize third-party BlackCat and Zeon
variants.

Royal leak site. Image by Cybernews

The gang is known to specifically target critical infrastructure with the Royal
variant, “which uses a custom-made file encryption program, evolved from earlier
iterations that used ‘Zeon’ as a loader,” according to CISA.

The group first made a name for itself after hacking the UK’s Silverstone
Formula One motor racing circuit in November 2022.

Since then, the group infamously hacked the City of Dallas, Texas, shutting down
the municipality for weeks, affecting the Dallas Police and Fire Departments and
making it the 7th US city to have been targeted by the group.

City of Dallas ransomware attack. Image by Cybernews

The Henry County School district is not the first of its kind to fall victim to
the Royal-linked cartel.

This spring, Royal also claimed to have hacked and stolen gigabytes of data from
the Lake Dallas Independent School District, including the social security
numbers and passport information of students and district staff.

According to Ransomlooker by Cybernews, the last activity of Royal was observed
in July 2023, when the criminal syndicate added its last victim.

In comparison, Royal added 38 victims in March, while BlackSuit has added 1-2
victims each month.



