Schools and colleges might be closed, but ransomware gangs are on duty. Hive ransomware posted encrypted files from three United States education institutions on the dark web. The data of the Innovative Education Management, North Idaho College, and Dixons Allerton Academy can now be downloaded, according to consecutive posts on the gang’s leak site.
This comes days after the hacker group’s audacious stunt: reaching out to the students at Knox College after breaching the college’s computer systems. This is the first such reported incident where hackers directly reached out to the victim, offering a trade-off, raising the question of whether the group is stooping to a new low to sustain its cybercriminal activities.
School data on the dark web
Infosec news website RedPacket Security posted the activities of the ransomware group by taking details from the Hive leak site.
In the three reports, dedicated to each school, the information, including their website, the date the information was encrypted, and when it was made available, was revealed.
The group claimed that the systems of North Idaho College were targeted on 28 October this year. Innovative Education Management was hacked on 14 November 2022, and Dixon Allerton Academy was hacked on 12 December.
The dark web post also included a short description of the schools. The websites of all these three institutes are opening with nothing suspicious reflecting on them.



Knox College students suffered one of the biggest forms of abuse when the Hive ransomware group used the information from the breached system data to offer a trade-off.
“We have compromised your collage networks…. The data we have includes your personal information, medical records, psychological assessments, and many other sensitive data. Additionally, all of your SSN and Medical records will be put for sale, for every hacker to gain access and use your data in whatever illegal activity they want. To us, this is a normal business day. For you, it’s a sad day where everyone will see your personal and private info,” read the email by the ransomware group.
The incident clearly indicates a new format the ransomware group is experimenting with, creating panic among those impacted by the breach.
Ransomware attacks and the education sector
According to The State of Ransomware in Education 2022 by Sophos, ransomware news attacks in the educational sector spiked to 60% in 2021 as compared to 44% in 2020. As per the report, 56% of lower education respondents were hit by ransomware in the past year, along with 64% of higher education institutions.
Types of cyberattacks on educational sector during the pandemic (Source: Intel)Following the COVID-19 pandemic, students shifted to online education, which opened the opportunity for cybercriminals to break into sensitive user and system data belonging to both the school and pupils.
Nearly 87% of educational institutes have suffered at least one cyberattack. The Federal Bureau of Investigation has been alerting users to use multifactor authentication seeing the increasing number of cyberattacks on the education sector.
Research proves that in the third quarter of 2022, the education and research sectors were the targets of the highest cyberattacks with the number reaching 2,148 every week, per organization. Posing a question on the weak security mechanism put in place by this sector, several authorities such as the Cybersecurity & Infrastructure Security Agency (CISA) have been asking schools and their service providers to upgrade their risk management and security infrastructure.