Over 150GB of stolen data, allegedly from the Gaston College data breach, was posted for download by the Snatch ransomware group.
The post by the hacker collective on the leak site featured two downloadable files — one contained 91 GB of data and the other 62 GB.
In a tweet, cybersecurity researcher Brett Callow shared screenshots of the claims made by the Snatch ransomware group. “Snatch has listed Gaston College, which disclosed it had been the victim of a ransomware attack earlier this month,” Callow wrote.
He also shared a research report highlighting the rise in the number of ransomware attacks on the education sector.
Gaston College data breach
In a statement released by the college, they confirmed that the cause of the interruption was a ransomware attack.
“On Wednesday, Feb. 22, Gaston College was the victim of a ransomware attack by an unknown threat actor. Upon discovery of the incident, the college immediately took critical systems offline and initiated an investigation into the attack,” read the official statement.
“This investigation is ongoing. In accordance with North Carolina law governing state agencies, Gaston College did not engage with the threat actor and promptly involved agency partners – including the FBI, Secret Service, North Carolina Community College Systems Office, and the NorthCarolina Joint Cybersecurity Task Force – to secure possibly affected systems.”
The last update regarding the incident was shared on March 20, 2023, which mentioned that certain portals were restored, however, others may remain offline. The statement also added that the “on-campus Wi-Fi is not accessible” and “computer labs on campus remain closed”.
While there is no mention of an ongoing negotiations between Gaston College and the hacker collective, the uploading of the alleged data from the college may indicate towards failed discussions between the two.
Moreover, the post on the leak site did not demand ransom or payment against the available data from the alleged Gaston college data breach.
The website of Gaston College was accessible at the time of writing.
Increasing ransomware attacks on the education sector
Nearly 17 post-secondary US schools have been targeted in ransomware attacks in 2023. The growing number of ransomware attacks on US schools has witnessed data stolen from nearly 14 out of 17 schools, which poses questions over its security infrastructure.
According to reports, 44 universities and colleges including 45 school districts from 1,981 schools were attacked in 2022. In 2021, 88 education sectors were targeted while in 2022, the number increased by one to 89.
Snatch ransomware group
Snatch ransomware is a double extortion group that uses different modes of attack including brute-force attacks.
According to reports, in a security incident, the group was observed to have encrypted all domain-joined systems within 5 hours.
To bypass protection, Snatch reboots the Windows device into Safe mode in the middle of the ransomware attack. The group is known to target exposed and vulnerable enterprise networks and move laterally within the organization.
A member suspected to be from the Snatch ransomware group was also found seeking affiliate partners who have access to RDP/ VNC/ SQL inj etc. in a Russian language post.
The member posting this advertisement on the criminal board went by the name BulletTooth Tony.