UPDATE 11.10.2023 Aliquippa – PA, cyberattack: Hopewell Area School District is yet another victim in the education sector

11/08/2023 Marco A. De Felice aka amvinfe
UPDATE 11.10.2023
Although several weeks have passed since the Medusa ransomware group gained access to the IT systems of the Hopewell Area School District (HASD), we have not yet been able to find any official statement on data loss on the school district’s website. Despite having sent emails to key figures in the Hopewell Area School District in recent days, we have received neither confirmation nor denial from the school district.

What we hope is that those affected, including employees, students, and their parents, have at least been notified of the loss of their data.

In the hours following the publication of our article, we obtained a 30-minute video in which Medusa lists, and shows on screen, the files exfiltrated from the educational institution’s servers. Due to the presence of easily visible PII (Personally Identifiable Information) in the video, SuspectFile has decided not to publish the video or share it with third parties; we will limit ourselves to publishing written documents.

However, we can confirm what we wrote in the previous article, namely the nature of the data in the possession of the ransomware group:

– Administrative documents
– Full names of employees
– Addresses
– Phone numbers
– Email addresses
– Subjects taught
– Annual salaries

Many documents that we were able to view in the video were over 10 years old. Why is such old data still present in the information systems of the Hopewell Area School District?

Doc. 1 – Screenshot and redaction by SuspectFile.com
Doc. 2 – Screenshot and redaction by SuspectFile.com
Doc. 3 – Screenshot and redaction by SuspectFile.com
Doc. 4 – Screenshot and redaction by SuspectFile.com
Doc. 5 – Screenshot and redaction by SuspectFile.com
Doc. 6 – Screenshot and redaction by SuspectFile.com
Among the documents we were able to view in the Medusa ransomware group’s video, there are also Social Security Numbers (SSNs), usernames, and passwords in plain text. There is also an enormous number of photos of Hopewell Area School District (HASD) students.

Doc. 7 – Screenshot and redaction by SuspectFile.com
Doc. 8 – Screenshot and redaction by SuspectFile.com
We also learned the quantity of data that Medusa exfiltrated from the school district’s servers about two weeks ago: approximately 120GB of documents, which are still in the hands of cybercriminals today. In the absence of an agreement, this data will likely be made public in a few days.

Once again, in our opinion, we are witnessing a mishandling of data protection—a neglectful approach to personal and sensitive documents entrusted to third parties. These should be protected but are instead managed poorly and with a lack of seriousness, driven by the belief that the likelihood of someone infiltrating their computer network is very low: “Why would anyone target our servers?”

These institutions, especially if public, should be asking different kinds of questions: “How can we make our computer systems more secure? What data can reside on an online server, and which must be kept offline?” Furthermore, “What data must be preserved while making it inaccessible in the event of a cyber attack?”

These are questions that we often try to answer only after it’s too late. Investing money in cybersecurity and providing training for staff is never a waste of time or resources.





A new day, a new victim of a cyberattack in the field of education worldwide.

This time, it’s the Hopewell Area School District (KG-12), a school district comprising 5 schools (Hopewell High School, Hopewell Memorial Junior High School, Margaret Ross Elementary, Independence Elementary, Hopewell Elementary) located in Aliquippa, Beaver County, PA, U.S., with a total of over 2,000 students according to data recorded in the 2021-2022 school year by the NCES U.S. (National Center for Education Statistics).

In the last few hours, the ransomware group Medusa has published on its website, on the Tor network, 29 samples of proof data, including:

– Administrative documents
– Full names of employees
– Addresses
– Phone numbers
– Email addresses
– Subjects taught
– Annual salaries

Medusa is not new to attacks on educational institutions. In the recent past, we reported an attack on the Emerson Public School District, another school district located in Bergen County, NJ. In that case, the data stolen by the ransomware group amounted to almost 2TB and over 1 million documents, some of which contained personally identifiable information (PII).

According to Medusa’s blog, the ransom demand to prevent the data from being published or deleted is $300,000. From the file tree uploaded by the group, we can see that the cybercriminals hold over 180,000 files, including administrative data, PII, and hundreds of images, such as those that Medusa has published on its blog as proof files. In two images that we have edited, you can see the faces of minors.

Screenshot and redaction by SuspectFile.com
Screenshot and redaction by SuspectFile.com
A directory in the file tree is linked to the Board Secretary of the School District, and we were able to verify that some file names presumably refer to documents of a confidential nature (we have edited the names and surnames).

Hopewell Area School District\Staff\[EDITED]\Confidential Secretary Agreement.docx
Hopewell Area School District\Staff\[EDITED]\[EDITED] Resignation Statement.docx
Hopewell Area School District\Staff\[EDITED]\[EDITED] recommendation letter West A.doc
Hopewell Area School District\Staff\[EDITED]\[EDITED] RMU Recommendation Letter.doc
Hopewell Area School District\Staff\[EDITED]\Employment Contracts Dates and information book.docx
Hopewell Area School District\Staff\[EDITED]\2021 Notary Certificate.pdf
Hopewell Area School District\Staff\[EDITED]\Dependent Children Record Update.doc
Hopewell Area School District\Staff\[EDITED]\[EDITED]\[EDITED] Expulsion Hearing Letter.docx
Hopewell Area School District\Staff\[EDITED]\[EDITED]\[EDITED] Expulsion hearing notification April 2016.doc

In another directory, we found file names that suggest, in this case as well, confidential files containing passwords and user IDs. We have edited part of the directory name because it contained references to various school district employees.

Hopewell Area School District\Staff\[EDITED]\[EDITED]\Academic Pre-Algebra 7 ( 2014 )\7th grade Web ID and password.xlsx
Hopewell Area School District\Staff\[EDITED]\My Music\[EDITED] Login and Passwords 2015.csv
Hopewell Area School District\Staff\[EDITED]\2013 [EDITED]\passwords.docx
Hopewell Area School District\Staff\[EDITED]\2013[EDITED]\\student ar logins and passwords.pdf
Hopewell Area School District\Staff\[EDITED]\2013 [EDITED]\username and password login cards.docx
Hopewell Area School District\APPLICS\GROUP_P\[EDITED] email password and login.doc
Hopewell Area School District\Staff\[EDITED]\Username-Passwords.xlsx

In the long list of over 180,000 files, we found a file name that may indicate a document containing PII, but in this case, we cannot be certain.

Hopewell Area School District\Staff\[EDITED]\driver’s license.pdf
We have tried to contact Hopewell Area School District for a statement regarding this case, and our emails were sent to Dr. Jeff Beltz (Superintendent), Gary Hutsler (Elementary Assistant Principal), Korri Kane (Principal), Donna Steff (Student Services Coordinator and Assistant Elementary Principal), Gary Hutsler (Hopewell Area SD), and Dean Nelson (Hopewell Area SD), but we have not received any responses at this time.

SuspectFile will update the article in case of new developments.