Update to Haywood County Schools ransomware attack
There’s an update to the Haywood County Schools ransomware attack previously noted on this site. Lawrence Abrams reports that it was SunCrypt ransomware that was used in the attack, and although the district resumed remote learning on August 31, some school services remain impacted.
As part of the double extortion and leak site model that other ransomware groups are using, the SunCrypt operators have dumped some of the district’s data on an onion site. Inspection of the 5 GB of data suggests that it was all administrative files and templates.
The district has previously indicated that it would not be paying any ransom. I think they all need to be preparing themselves for the possibility that student and parent data may be dumped. How much sensitive student or parent data may have been obtained is unknown to this site at this point.
Read more on BleepingComputer.