Rhysida group claims a major ransomware attack on Rutherford County Schools District

The infamous Rhysida ransomware group has claimed that it breached the internal network of Rutherford County Schools and has demanded a ransom of close to $2 million from school authorities.

 

Based in Murfreesboro, Tennessee, Rutherford County Schools District consists of 27 elementary schools, 13 middle schools, 11 high schools, and four other schools in the state. As of 2020, the school district had close to 50,000 students in its rolls and employed more than 5,000 faculty and staff members.

 

In a data security incident notice posted on its website, the school district said that on November 25, it experienced “network and systems disruption” and quickly took steps, such as using backup and recovery procedures, to restore affected services. It has also launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

While the school district did not share details on who is responsible for the cyber attack, the nature of the same or the type of data compromised during the incident, the Rhysida ransomware group recently claimed responsibility for targeting the school district and listed it as a victim on its data leak site.

 

 

The group has demanded a ransom of 20 BTC (approx. $1,960,000) and has given a deadline of December 18 for the school District to meet its ransom demands, threatening to leak the stolen data if the ransom isn’t paid.

 

Acknowledging the claims of the hacker group, the school district said, “We were notified that the party believed to have caused the disruption has now made a post online claiming to have some employee personal data, and it appears some files were obtained pertaining to certain employees.

 

“This claim is being fully investigated, and to the extent it is determined that any employee personal information was affected by this event, we will notify those employees who were affected in accordance with applicable law.

 

“To our knowledge, there has been no posting of student personal data, and our investigation to date has not found that student personal data has been obtained from our student information computers.

 

“In the meantime, our schools continue to operate normally and are focused on the academic goals for our students,” the District added.