CNN reports that Nantucket Public Schools in Massachusetts had its safety and security systems, as well as student and staff devices, shut down following a ransomware attack, which also prompted the early dismissal of 1,700 students.
"No school-issued devices should be used at home until further notice, as it could compromise home networks," said Nantucket Public Schools Superintendent Elizabeth Hallet in an email sent to parents.
The incident comes only days after a ransomware attack impacted the Tucson Unified School District and while TUSD officials have yet to provide comment, there has been no evidence indicating an association between both events.
"The ransomware attacks on school districts across the country are a stark reminder that as a country we need to ensure our citizens are cyber literate. Cybersecurity education is a national security issue and we must educate our country on protecting our most critical infrastructure from malicious attacks," said Cyber Innovation Center Vice President Kevin Nolten.
Nantucket Public Schools impacted by ransomware attack
CNN reports that Nantucket Public Schools in Massachusetts had its safety and security systems, as well as student and staff devices, shut down following a ransomware attack, which also prompted the early dismissal of 1,700 students.
Attackers purporting to be Royal Mail distributed malicious emails about a failed package delivery with a PDF attachment that included a link redirecting to a Dropbox-hosted ZIP file, which then facilitated the execution of Prince ransomware.
Such websites, which are operated under "AI Nude" and are advanced by black hat SEO techniques, promise the conversion of uploaded photos into deepfake nudes but display a link, which when clicked redirected to another site with the password and link to the password-protected Dropbox-hosted archive that contains the infostealer malware.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.