SunCrypt Ransomware behind North Carolina school district data breach

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack.

The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack.

The ransomware attack took place on August 24th, 2020, but at the time the family of malware that infected the school district was not revealed.

The infection forced the school district to shut down its systems and suspend remote instruction.

“Our delay in restarting remote instruction is the uncertainty about the use of staff computers. We will know more when the forensic work is complete.” reads a notice sent by the Haywood County School District to parents.

“We apologize for being unable to communicate as effectively as normal. Servers, Internet, and telephone services are still down in the school system. We will send another update at the end of the day.”

The school district partially resumed its operations on August 31st, including the remote learning, at the same time it has launched an investigation into the incident that revealed the theft of the data during the attack.

“In announcing the ransomware attack on Monday, we wanted everyone to understand a data breach was possible. We have now confirmed a data breach occurred. We are taking every possible step to eliminate any potential harm to staff, students, and affiliates.” reads an update on the incident published by the school district. “At this point, the forensic work has not determined the extent of specific data that was stolen. We ask staff, students, and parents to monitor for any suspicious activity.

According to BleepingComputer, the school district in North Carolina was hit by the SunCrypt Ransomware operators, that like other ransomware gangs (i.e. Maze, REVil) steal data before encrypting them and threaten victims to leak them if they will not pay the ransom.

“After not paying, the ransomware operators have published a 5GB archive containing data stolen from the school district.” reported BleepingComputer.

The archive leaked by the ransomware operators includes sensitive documents and personal information of the school district, students, and teachers.

BleepingComputer analyzed the attack against the Haywood County School District attack and published technical details on the attack chain employed in the incident.

Experts pointed out that currently there is no way to recovery file encrypted by the SunCrypt ransomware for free.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SunCrypt)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.