BlackSuit ransomware update: 42GB of data claimed to be from Edgewood Schools posted, nothing new on Monroe County government attack


About 42GB of data claimed to be from the Richland-Bean Blossom Community School Corporation (Edgewood Schools) is currently posted on the “dark web” in a .zip file available for download from a site that appears to belong to BlackSuit, a ransomware operation.
[Updated July 15, 2024 at 3:25 p.m. In a statement released by RBB schools superintendent Jerry Sanders on Monday around 3:15 p.m., the district rejected claims made by a “third-party bad actor” about having accessed the district’s website as “false.” The statement also states that “a preliminary review of the data that the third-party actor claimed to have taken from our network appears to belong to another organization and does not appear to belong to RBB or any of RBB’s affiliates.”]
The “dark web” is a part of the internet that runs on a chain of nodes that encrypt and route data through multiple volunteer-run servers. It is known for anonymity and unindexed content. Accessing the dark web requires a special web browser.
A basic ransomware attack involves getting access to a victim’s system, encrypting their files, and demanding a ransom for the decryption key.
BlackSuit is the same intruder identified by Monroe County government as causing the week-long county government shutdown, starting 13 days ago.
Monroe County’s data does not turn up on a search of the BlackSuit webpage.
When The B Square spoke with RBB technology director Rick Routon on Friday, he indicated that the district is aware of the posting on the BlackSuit website.
But Routon deferred to district superintendent Jerry Sanders for answers to any questions. Sanders has been out of the office but will return on Monday, Routon said.
An area resident with the expertise to download the RBB file into a safe environment told The B Square that the .zip file available on BlackSuit’s website contains 42GB of information.
That’s the equivalent of 22 million pages of plain text.
The source told The B Square that based on their limited inspection of the downloaded data so far, they believe the posting of the data amounts to a FERPA (Family Educational Rights and Privacy Act) violation. The source has tried, without success, to report the issue to the Indiana Department of Education.
But the source has successfully reported the incident to the CERT (Cyber Emergency Response Team) at the CISA (Cybersecurity and Infrastructure Security Agency).
The listed entries on the website that apparently belongs to BlackSuit are not dated.
But along with the links to the datafiles belonging to some of its victims, BlackSuit includes critical commentary. For Jackson County, Missouri, BlackSuit writes: “Clients and employees – REMEMBER, Jackson County management does not care about you or your personal information.”
Or for the file belonging to the Kansas City Police Department, BlackSuit writes: “Kansas police said they will not pay a ransom after voluntarily agreeing to have their case files made public. Trust your police.”
But the listing for RBB schools just gives some background information on the district (which is, at least in part, erroneous) with a link to the data file. There’s no indication on the website that a ransom was demanded or that the district refused to pay one.
On Saturday (July 13) Monroe County government did not turn up as a result in a search of the BlackSuit website listing its exploits.
Last week, when Monroe County was back online, there was no further update on the cyberattack, beyond the fact that the investigation by the county’s third-party cybersecurity vendor is ongoing.