
Providence Schools Face Ransomware Attack, $1 Million Demand

September 18, 2024

Rhode Island’s Providence Public Schools (PPSD) district has allegedly fallen victim to a major ransomware attack.

The cybercriminal group, Medusa, is reportedly demanding a ransom of $1 million and claims to have stolen 201.4 GB of sensitive data, including financial records, student and teacher information, and personally identifiable information (PII). This news comes shortly after PPSD experienced “technical difficulties” with their internet network last week.

While the total size of stolen data is relatively small — many attacks capture terabytes of data — the type of data is much more important than the amount. 

The incident is alarming given the recent reports of Medusa exploiting a critical vulnerability in Fortinet’s FortiClient EMS software. The flaw allows the ransomware group to execute sophisticated attacks, gain access to sensitive data, and encrypt systems, disrupting operations for organizations in various sectors.

PPSD has confirmed that they are working with law enforcement agencies, including the Rhode Island State Police, FBI, and DHS, to investigate the incident.


Ransomware and Education: A Growing Threat

According to one analysis, 2023 was a record-breaking year for ransomware attacks on education institutions; 2024 seems poised to eclipse the previous “record.” 

Several factors make schools prime targets for attacks:

  1. Sensitive Data: Schools store vast amounts of sensitive personal data, including student and staff information, medical records, and financial details. 
  2. Limited IT Resources: Many schools, especially those in smaller districts, have limited budgets for IT and cybersecurity. Outdated systems are easier to compromise — and if schools don’t have the resources for adequate disaster recovery, that’s even better for bad actors.
  3. Critical Operations Dependence: Schools rely heavily on their IT systems for daily operations, particularly in recent years. Online learning platforms, communication systems, and student info management portals rely on functional IT; institutions have strong incentives to restore systems as quickly as possible.
  4. Lack of Cybersecurity Awareness: In some cases, schools may lack adequate cybersecurity awareness and training programs for staff and students. This can make them more susceptible to phishing scams and other social engineering techniques used to deliver ransomware.

Authorities are aware of these factors, and CISA (Cybersecurity & Infrastructure Security Agency) has established a program to identify vulnerable targets and warn “critical infrastructure entities” of those vulnerabilities. 

Ransomware Recovery Resources for Educational Institutions

If you’ve suffered a critical ransomware attack, Datarecovery.com can help. As experts in ransomware recovery, disaster recovery, and data protection, we work with organizations to limit threat exposure and ensure an effective response following security incidents.

From penetration (PEN) testing and dark web monitoring to onsite ransomware recovery, we’re prepared to help businesses build robust strategies. To get started, call 1-800-237-4200 to speak with an expert or submit a request online.