Marietta City Schools, located near Atlanta, Georgia, became the latest victim of a ransomware attack, which was disclosed on December 4, 2024. The district reported a network outage following unauthorized access to its computer systems, although the extent of the breach has not yet been fully confirmed. The ransomware group responsible for the attack, known as RansomHub, claims to have stolen 500 GB of data from the district. In a statement posted on their leak site, RansomHub issued a ransom demand, threatening to release or sell the stolen data unless the district pays an undisclosed amount within a week.
At this time, Marietta City Schools has not confirmed the group’s claim or provided further details about the compromised information. It is unclear how the attackers gained access to the district’s network or if the school district will comply with the ransom demand. The incident is part of a worrying trend of increasing ransomware attacks targeting U.S. educational institutions, where cybercriminals aim to steal sensitive data or lock systems until payment is made. These attacks disrupt critical systems used for managing assignments, grading, payroll, and communication between teachers, students, and staff.
RansomHub, which operates on a ransomware-as-a-service model, has been responsible for several high-profile attacks since its formation. The group rents out its malware and infrastructure to affiliates, who then use it to launch attacks against various organizations. Among the victims of RansomHub are major institutions such as Rite Aid, Christie’s auction house, and the Florida Department of Health. The group has been linked to at least 78 confirmed ransomware attacks, affecting millions of records. In recent weeks, RansomHub has also targeted Italian football club Bologna FC and reportedly attacked Wirral University Teaching Hospital NHS Trust in the UK.
Ransomware attacks on schools have become increasingly common, with significant disruptions to educational operations. In addition to financial losses and data breaches, these attacks often cause severe disruptions in school activities, sometimes forcing institutions to revert to manual processes or cancel classes entirely. With over 60 confirmed ransomware attacks on U.S. educational institutions in 2024, the trend raises concerns about the safety of sensitive student and staff data, and the broader implications for cybersecurity in the education sector.
Reference: