SunCrypt Ransomware behind North Carolina school district data breach

A school district in North Carolina disclosed a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack.

The Haywood County School district in North Carolina has suffered a data breach after having unencrypted files stolen during a SunCrypt Ransomware attack.

The ransomware attack took place on August 24th, 2020, but at the time the family of malware that infected the school district was not revealed.

The infection forced the school district to shut down its systems and suspend remote instruction.

“Our delay in restarting remote instruction is the uncertainty about the use of staff computers. We will know more when the forensic work is complete.” reads a notice sent by the Haywood County School District to parents.

“We apologize for being unable to communicate as effectively as normal. Servers, Internet, and telephone services are still down in the school system. We will send another update at the end of the day.”

The school district partially resumed its operations on August 31st, including the remote learning, at the same time it has launched an investigation into the incident that revealed the theft of the data during the attack.

“In announcing the ransomware attack on Monday, we wanted everyone to understand a data breach was possible. We have now confirmed a data breach occurred. We are taking every possible step to eliminate any potential harm to staff, students, and affiliates.” reads an update on the incident published by the school district. “At this point, the forensic work has not determined the extent of specific data that was stolen. We ask staff, students, and parents to monitor for any suspicious activity.

According to BleepingComputer, the school district in North Carolina was hit by the SunCrypt Ransomware operators, that like other ransomware gangs (i.e. Maze, REVil) steal data before encrypting them and threaten victims to leak them if they will not pay the ransom.

“After not paying, the ransomware operators have published a 5GB archive containing data stolen from the school district.” reported BleepingComputer.

The archive leaked by the ransomware operators includes sensitive documents and personal information of the school district, students, and teachers.

BleepingComputer analyzed the attack against the Haywood County School District attack and published technical details on the attack chain employed in the incident.

Experts pointed out that currently there is no way to recovery file encrypted by the SunCrypt ransomware for free.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, SunCrypt)

[adrotate banner=”5″]

[adrotate banner=”13″]