Edison Learning, a virtual learning provider and school management company, has confirmed that it has been subject to a cyber attack in which the hackers behind the Royal ransomware group claim to have stolen 20GB of data. The group has threatened to release the data, which it claims includes “personal information of employees and students,” during the week of 1 May.
It is thought that the group may have already made a ransom demand, which would suggest that it is engaged in negotiations with the targeted company. Edison Learning has confirmed that it is conducting an ongoing investigation into the attack.
Edison Learning was established in 1992 as the Edison Project and has provided school management services for public charter schools and struggling districts in the US and UK. The company has also expanded its services to provide virtual schooling for middle and high school students, as well as CTE courses for high school students, social-emotional learning courses for middle and high school, and more.
The company operates its own in-house learning management system, called eSchoolware, and offers other services such as “management solutions, alternative education, personal learning plans, and turnaround services for underperforming schools.”
The Royal ransomware gang has claimed responsibility for the attack and accused Edison Learning of failing to protect its systems properly. The group has a history of targeting educational institutions and is thought to be responsible for attacks on a number of universities and schools in the US.
It is unclear whether any ransom has been paid in this case. K12SIX, a nonprofit threat-intelligence group that works specifically with US public schools to improve their cybersecurity, is offering free guides and templates to K–12 IT practitioners as well as guides for district leaders and policymakers on recommendations to stay ahead of cyber threat actors.
K12SIX will also host a free webinar for school IT and security leaders on Wednesday, May 3, focusing on “Beyond IT: Building Cabinet Buy-in for a ‘Zero Trust’ Cybersecurity Program.” According to cybersecurity expert Doug Levin, Royal and similar ransomware groups often post warnings when they have made a ransom demand and are engaged in negotiations with a targeted organization.
This suggests that Edison Learning may already have received a ransom demand from the hackers.
