Rhysida hackers send £1.2m ransom letter to Fylde Coast Academy Trust and threaten to release personal data
Rhysida, a ransomware gang believed to be from Russia, seized control of the Trust’s computer systems after a cyber attack in mid-September.
The criminal gang infected its IT network with ransomware, leaving all 10 of its schools with limited access to computers, laptops, printers and even photocopiers.
Advertisement
Hide AdAdvertisement
Hide AdAffected schools include Blackpool’s Armfield, Aspire, Montgomery and Unity high schools and Gateway, Mereside, Westcliff and Westminster primary schools. Hambleton Primary Academy and Garstang Community Academy are also affected.
Rhysida has targeted many organisations around the world, including its infamous attack on the British Library in 2023, and counts the Chilean army and Seattle International Airport among its victims.
In July, it held the city of Columbus, Ohio to ransom and followed through on its threats, releasing over 3 TB of data onto the dark web, after an attempt to extort $1.7million from the city.
Dean Logan, CEO of FCAT, did not say whether the breach led to any safeguarding leaks or breaches of GDPR, but the hackers have now confirmed this fear.
Advertisement
Hide AdAdvertisement
Hide AdRhysida has demanded a substantial sum of money from the Trust, and we can now confirm this ransom is 20 BTC (bitcoin) - equivalent to £1.2million.
The gang has told the Trust it now has until next Tuesday (November 12) to hand over the eye-watering sum, otherwise it has threatened to sell personal data to other crime groups or make it publicly available online.
It is also threatening to permanently block access to the Trust’s systems if the ransom is unpaid.
Advertisement
Hide AdAdvertisement
Hide AdThe hackers claim to have exfiltrated data including confidential information and personally identifiable information (PII) from the Trust’s servers. This allegedly includes driving licences, photographs, addresses and other personal data.
In a post on its dark web marketplace on Tuesday, the criminal group warns it will sell the data to the highest bidder.
It said: “With just 7 days left on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Open your wallets and be ready to buy exclusive data.”
Advertisement
Hide AdAdvertisement
Hide AdWhat does Fylde Coast Academy Trust say?
We asked the Trust’s CEO Dean Logan how the Trust was responding to the threat, whether it intended to pay the ransom, and whether any funds had already been transferred to the gang.
If FCAT does not pay the ransom, we asked what other options the Trust has to avoid the hacked data being sold or shared online. We also enquired whether IT systems have been restored and whether the ransomware been successfully removed.
Mr Logan, the head of the academy trust, did not address these issues but sought to reassure parents, staff and stakeholders that efforts were ongoing to tackle the impact of the cyber attack.
He said: "Fylde Coast Academy Trust have taken and will continue to take all appropriate and necessary steps to mitigate the impact of the cyber attack on stakeholders of the organisation."
Lancashire Police were approached for comment.