Largest School District in Arizona hit with Ransomware Attack
A cyberattack that struck the Tucson Unified School District (TUSD) in late January forced teachers to rely on hot spots and required them to “develop alternative learning plans.”
Reports show that the school district was hit with a ransomware attack by the Royal gang, which took credit for the attack via a note that staff found in their printers that morning, according to KOLD News 13 out of Tucson.
The Arizona Republic obtained a copy of the ransom note, which stated “Your critical data … can be published online. Then anyone on the Internet from the darknet and even your employees will be able to see your internal documentation.” The letter also states that the only way to decrypt the data is to pay the ransom.
The U.S. Department of Health and Human Services (HHS) released an alert in December 2022 regarding the Royal ransomware gang, which was initially discovered in September of the same year.
In the alert, HHS warns that Royal’s “requested demand for payment has been seen to range anywhere from $250,000 U.S. Dollars to over $2 million USD.” Royal also “appears to consist of experienced actors from other groups” and does not seem to use affiliates.
Despite the attack on the largest school district in Arizona, an email sent by TUSD reiterated that “schools are fully functioning and students have access to the tools they need to continue their learning and stay on track.”
The school district is also working with “national external cybersecurity experts” to analyze the attack, and a forensic investigation is “in its early stages and ongoing.”
A 2018 audit of TUSD noted security weaknesses, including the lack of a contingency plan, per The Arizona Republic. The district said it would respond by making improvements, including finalizing a disaster recovery plan and creating stronger password requirements. It was not noted whether these improvements were actually made; however, the fact that the school was back up and fully functional shortly after the attack suggests that the school took the proper precautions, which may have prevented the attack from being much worse.
Story via govtech.com