Ransomware delays first day of school for Hartford, Connecticut

Ransomware delays first day of school for Hartford, Connecticut

The Hartford School District in Connecticut has postponed their first day of school as they struggle with getting classroom and transportation systems restored and running after a Labor Day holiday weekend ransomware attack.

This school year, most USA school districts had struggled with the decision of how and when they were going to reopen schools due to the COVID-19 pandemic.

For the Hartford School District, this choice was taken away from them after suffering a ransomware attack on Saturday.

In a press conference this morning, Hartford Mayor Luke Bronin stated that the school district’s network was breached on Thursday, September 3rd.

The state’s capital did not become aware of the attack until Saturday, September 5th, after the hackers deployed ransomware and began encrypting the devices on the district’s network.

As this attack affected not only classroom computers but also the system responsible for transportation routes, the school district postponed school opening until they can fully recover their systems.

According to Mayor Bronin, no ransom demand was given, and Hartford has no plans on paying the ransom.

“There was no specific ransom demand. There was language, text that was installed and discovered on many systems, that said this is a ransomware attack and asked that we contact a particular email address. Needless to say that we are not contacting that email address. We will let law enforcement deal with that,” Bronin stated in a live press conference this morning.

Bronin further stated that they did not believe any data was stolen, but are looking into it further.

“To the best of our knowledge, no data was stolen, although we will continue to do everything we can to say with 100% confidence,” Bronin stated.

This attack’s time frame is not surprising as we warned last week that network administrators should be especially diligent during the Labor Day holiday weekend.

A source has told BleepingComputer that the Hermes ransomware is thought to be behind the attack on the school district’s systems, but BleepingComputer has not been able to verify these claims.

Older versions of Hermes had a weakness that allowed files to be recovered for free. This weakness has since been fixed, and current attacks are not decryptable.

Cyberattack will likely lead to a data breach

While Hartford officials have stated that they do not believe any data has been stolen, this may not be the case depending on the ransomware.

Since the end of 2019, ransomware gangs have been actively stealing unencrypted data, including student and employee records, before deploying a ransomware on a network.

This data is then used as a leverage to get a victim to pay, or the ransomware operators threaten to publicly release the files on data leak sites.

The Hermes ransomware operators are not known for stealing data before deploying their ransomware, but it does not mean they have not started adopting this tactic.

As the threat actors had access to the school district’s systems for two days before deploying the ransomware, there was more than enough time to harvest unencrypted files.

Last week, the SunCrypt ransomware operators attacked a North Carolina school district and leaked 5GB of files containing student and employee data.

Read the original article over at BleepingComputer.com.