
K-12 district hit with $500k Medusa ransomware attack
Bill Cozens · 2024-04-20 · via Breaches – ThreatDown by Malwarebytes

The Medusa ransomware gang claims it has stolen 1.2 TB of data from a large K-12 district.

In late March, Traverse City Area Public Schools (TCAPS) experienced a severe network disruption that shut down schools the following Monday and Tuesday. On April 13th, the ransomware group Medusa announced on their data leak website that they were responsible for the attack, claiming to have stolen 1.2 terabytes (TB) of data and demanding a $500,000 ransom.

Medusa data leak site

Based out of Traverse City, Michigan, TCAPS comprises 11 elementary schools, 2 middle schools, 3 high schools, 1 alternative high school, and 1 Montessori school. It serves a total of 8,908 students and employs 932 staff members.

This incident is part of a broader trend of increased ransomware attacks on educational institutions. According to ThreatDown research, 2023 saw the highest number of ransomware attacks recorded in the education sector, with a 70% increase from the previous year, escalating from 129 incidents in 2022 to 265 in 2023. The number of ransomware attacks on K-12 schools specifically (as opposed to K-12 and higher education combined) rose by 92%, from 51 attacks in 2022 to 98 in 2023.

The majority of these ransomware attacks on education occurred in the US, with 169 attacks reported last year.

Moving into 2024, LockBit is the leading perpetrator of ransomware attacks on education, with 14 confirmed attacks so far.

All-time Medusa ransomware attacks by country

Medusa has quickly become a major player in the ransomware arena since being first profiled by the ThreatDown intelligence team in March 2023. The group has executed 194 confirmed attacks since then. The education sector is one of Medusa’s primary targets, accounting for 19 of these attacks, making them the 6th most prevalent ransomware group attacking educational institutions since February 2022.

All-time Medusa ransomware attacks by sector

Stopping Medusa ransomware

Medusa has made a big name for itself in a short amount of time.

While it looks like Medusa will attack anyone they think is an easy target, it’s safe to say that educational organizations in the USA should be particularly wary of Medusa considering their strong focus on that country and sector.

ThreatDown’s EDR anti-ransomware layer constantly monitors endpoint systems and automatically kills processes associated with ransomware activity, including Medusa ransomware.

ThreatDown EDR automatically detecting and quarantining Medusa ransomware

In our ThreatDown K-12 Bundle, you’ll find everything your district needs to protect staff and student devices from ransomware attacks.