Ransomware gang 8Base declared yesterday in an X (formerly Twitter) post that “hospitals, non-profit organizations, social funds, and schools” were “NO LONGER of interest” to the criminal group. Instead, the gang claimed it would “leave NOTES with safety recommendations” if it accessed such organizations, presumably to help them beef up their cyber defenses.
The gang’s announcement appears to have been prompted by a post from security researcher Dominic Alvieri, which noted the gang had listed a school for children as young as 2 on its dark web leak site. 8Base denied any responsibility for the attack and the school is no longer listed on the gang’s site. However, it is unclear how or why the school was posted if the ransomware gang was not behind the attack.
8Base is not the only ransomware gang to claim to have changed its stance on schools. In July, the Royal ransomware gang posted a strange missive after breaching a school district, claiming to “respect the sanctity” of schools and to have deleted the data it stole. While the statement’s over-the-top nature made it appear less than credible, data from eCrime.ch shows the gang has listed no further victims to its leak site.
Unfortunately, even if 8Base and Royal no longer target schools, many other ransomware gangs still do. In the past 30 days, 18 educational organizations have been listed on ransomware leak sites, according to data from eCrime.ch. The biggest offender, accounting for exactly half of the listed educational institutions, is the ransomware gang LockBit.
LockBit reportedly had its own problems earlier in the year but, unfortunately for schools, these now seem to be resolved.