"We are very well informed and precise in our operations, so we know that the School has cyber insurance that reaches £500k"
~ The gang said in its message to parents.
The Target
A school based in Bedfordshire suffered a ransomware attack this week, with the Hive Ransomware Group demanding £500,000 in ransom, according to reports.
Pressure Ramping...
The cybercriminals have messaged both parents and students to inform them that their Bank details, home addresses, medical records and even psychological reviews were stolen. They also warned that their children's personal information would be leaked if the school fails to pay up.
Half a million seems a lot to ask from a school, right?
According to industry statistics, the average total cost for rectifying a ransomware attack in the education sector, considering downtime, people time, device cost, network cost, lost opportunity, ransom paid and more - is £2.2m.
What can the group do with the data?
Young people's data can be valuable to criminals as it is 'fresh data'. Criminals will be able to use it to set-up bank accounts that can be used for money laundering and to engage in other criminal activity. As a victim, it's something you may not even find out until the point you go to open up your first bank account.
For these reasons, it makes the data incredibly valuable for Hive to sell on the dark web if they are unable to negotiate their ransom demands.
Meet the hackers, who are Hive?
The Hive group are becoming one of the most prolific ransomware-as-a-service (RaaS) operators.
Like most of the newer ransomware groups, Hive run double-extortion campaigns: siphoning data, encrypting the files, and telling the victims their stolen information will be leaked if they refuse to pay the ransom.
Recent high-profile attacks include Costa Rica's national public health service and the group has been heavily targeting Microsoft Exchange Servers.
What is Ransomware as a Service? (RaaS)
Ransomware as a Service (RaaS) is a subscription-based model that affiliates can use to launch ransomware attacks developed by operators.
Affiliates can earn as much as 80% of each ransom payment.
Similar to Software as a Service (SaaS), the service usually includes full support options and flexible subscription models available to it's affiliates.
This model is a prime example of why the industry continues to see an increase in ransomware attacks. Cyber criminals no longer need to develop their own ransomware variant and can click and add to basket on the dark web before choosing their next target.
How does Spear Shield help organisations tackle ransomware?
The team at Spear Shield enables organisations to take a proactive approach to incident response with our 24/7 Managed Threat Hunting and Incident Response Service.
If you'd like to learn more, you can visit www.spearshield.co.uk/hunt or contact the team today:
hello@spearshield.co.uk
01473 948980
About Spear Shield
Phish fighting, threat hunting, cyber risk mitigation experts.
Based in Ipswich, Suffolk. Spear Shield are a team of cybersecurity risk and mitigation experts who align their award-winning solutions and services to help businesses solve their cybersecurity challenges.
