Providence Public Schools Hit by Ransomware Attack

Providence Public Schools Hit by Ransomware Attack
<span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="2"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

A ransomware group known as Medusa has allegedly breached Providence Public Schools, exfiltrating 201.4GB of data. The group demanded a ransom of $1,000,000 with a deadline of September 25th, according to HackManac, a Twitter account dedicated to maintaining a repository of verified cyberattacks. It is unclear if the ransom has been paid.  

On the evening of Wednesday, September 11, Providence Public Schools advised all staff to disconnect from the system's network. According to the first message sent out to faculty, "Out of an abundance of caution, please refrain from connecting your PPSD computers & devices to your home network & mobile devices. Thank you." 

The next morning, an update was circulated explaining the situation further: 

"We write to inform you that, yesterday, PPSD IT staff detected irregular activity on our network and took immediate action to investigate and address it. IT staff followed proper security protocols and worked to isolate the issue which has been contained. Out of an abundance of caution, the District quickly engaged a third-party IT company to provide additional professional support. Following their recommendation, the District shut down the network, and the IT experts are now conducting a forensic review of the network. Internet access is currently down at all PPSD sites, and we are working diligently to restore it." 

Over two weeks later, Dr. Javier Montanez, Superintendent of Providence Public Schools, acknowledged Medusa's hacking claim in a message, stating, "While we cannot confirm the authenticity of these files and verify their claims, there could be concerns that these alleged documents could contain personal information." 

By the end of the month, members of the Providence School Board were demanding more detailed information about the breach and its implications. 

This incident underscores the critical need for companies handling private data, in this case that of students and teachers, to be transparent and forthcoming. Failing to provide clear information and timely updates can lead to agitation among stakeholders and potentially severe legal repercussions.