More US school districts claimed by BlackSuit ransom group


The BlackSuit ransomware cartel, formerly known as Royal and known for targeting educational institutions in the US, claims its first school district of the year.

South Carolina’s Kershaw County School District (KCSD) is the first educational institution to be claimed by the BlackSuit gang in 2024.

KCSD serves more than 11,000 students, kindergarten to 12th grade, spanning 19 schools including nine elementary schools – and has over 1,300 employees.


The threat actors posted the public school district on their victim leak site on January 3rd, alleging to have stolen 17GB worth of files from the KCSD network.

Meanwhile, the Blaine County School District (BCSD) in Idaho suffered the same fate in December, making it the second school district hit by the ransomware group in the past month.

BlackSuit dark leak site. Image by Cybernews.

The BCSD is a smaller district with just over 3,000 students, pre-K through 12, spread across eight schools in the Gem State.

BlackSuit alleges to have 128GB of BCSD data in its possession, although no proof or file samples were posted with either claim.

Furthermore, if any cyber incidents have taken place, there have been no formal announcements made by either district.

Cybernews has reached out to the two school districts and is awaiting a response at the time of this report.

BlackSuit had previously claimed responsibility for a November ransomware attack on the Henry County Schools system in Georgia.


That attack forced the entire district to go offline for days, and exposed the sensitive data of more than 40K students and thousands more faculty members.

Restoration of that network system is expected to continue through January, according to a December 14th update by Henry County Schools Superintendent Mary Elizabeth Davis.

Who is BlackSuit?

The BlackSuit ransomware group is suspected to be a rebrand of the cybercriminal group formerly known as Royal, with the rebrand taking place this past November.

The gang emerged on the cyber scene in early 2022 and was reported to have at least 350 known victims under its belt by the end of 2023.

Notorious for data exfiltration and extortion prior to encryption – as well as publishing the data of victims who don’t pay up – the gang has extorted more than $275 million from its victims, the latest CISA and FBI advisory reveals.

Royal’s ransom demands have ranged from approximately $1 million to $11 million in Bitcoin, CISA said.

The group made headlines after it added the UK’s Silverstone Formula One motor racing circuit to its list of victims in 2022.

Royal infamously hacked the City of Dallas, Texas, shutting down the municipality for weeks, affecting the Dallas Police and Fire Departments, and making it the 7th US city to have been targeted by the group.

The group is said to be made up of a hodgepodge of former threat actors from other Russian-linked cyber gangs, including the Conti group. Before creating its own Royal ransomware, the group would utilize third-party BlackCat and Zeon variants.
