Schools are off to a rough start this year. Apart from wrestling with edtech and security issues in light of the increased use of virtual learning, school districts are being increasingly attacked by ransomware groups. These ransomware threat actors pose a double threat: they not only encrypt a district’s system(s) to make functioning impossible unless a ransom is paid, but they may also exfiltrate copies of the district’s data before encrypting it on the server(s), so that even if a district can manage to recover from the attack by using a backup, there is the threat that the attackers will dump personal and sensitive data on the dark web for everyone to grab. Given that scenario and how much personal and sensitive info districts may maintain on their server(s), districts may find themselves between the proverbial rock and a hard place when a ransom demand is made.

Yesterday, this site reported on three school districts in Virginia, Ohio, and Nevada that had been attacked by Maze threat actors. Of note, the name of one of their victims, Fairfax County Public Schools, was removed from their list of “clients” on their leak site after the media started reporting on FCPS’s breach. The removal of a name from a list may indicate that the victim changed their mind or wound up paying ransom.

Let’s look at three more districts today, starting with two school districts in New Jersey that have also been attacked with ransomware since school reopened this month. On September 10 and 11, Karin Price Mueller reported that after one day of classes, the Somerset Hills School District closed down their schools because of an “unexpected network disruption” that was later reported to be a ransomware attack. The district does not seem to have updated its status this week, and they did not reveal what type of ransomware was involved.
While Somerset’s attack was in the news on September 11, there was another NJ district that had allegedly also been attacked, but it was not in the news. It appears that we probably need to add Millstone Township School District to any list you may be keeping. Threat actors known as “Conti” have claimed that they are responsible for the attack on Millstone Township School District. That claim was made on Conti’s dark web leak site on September 11.

Millstone Township School District is a relatively small district comprised of three schools covering pre-K through grade 8 (middle school). As proof of their claimed attack, Conti uploaded 15 files. Those files relate to fairly routine district business. No personnel files containing sensitive information or files on students were included in the small data dump. These dumps are generally used to prove to victims that the attackers have data and that if the victim doesn’t pay up, all of their files will be dumped. It is often difficult for victims to determine exactly what or how much attackers were able to exfiltrate.

Because there has been no statement from Millstone on their web site about any attack nor any media coverage that I could find, DataBreaches.net sent an email asking them if they would confirm or deny Conti’s claims. No reply has been received by time of publication.

Meanwhile, and as reported in the media today, Newhall School District in CA canceled online classes yesterday and today after being hit with ransomware over the weekend. The type of ransomware was not disclosed.