Less than a month after South Australia’s Reynella East College began contacting parents and carers to warn them of a “cyber security breach” impacting the entirety of the school’s systems, the threat actor behind the attack has published more than 600 gigabytes of school data to its darknet leak site.
The Interlock ransomware group claimed responsibility for the hack in a 23 June leak post, which said the hackers had exfiltrated more than 473,000 files spread across more than 68,000 folders.
“Reynella East College is an innovative educational institution offering a comprehensive curriculum for students from preschool to 12th grade,” the hackers said.
“However, the school failed to adequately protect the privacy of its students and staff and made no attempt to do so, resulting in the leak of their sensitive personal data online. We are providing you with 600 GB of interesting files and documents, including contracts, financial reports, personal data, student and staff identification numbers, seating charts, and much more.”
Interlock also published several files as evidence of the hack, alongside a file tree listing every document impacted. A cursory investigation by Cyber Daily has revealed passport scans belonging to both international students and teaching staff, lists of cleartext passwords and associated usernames, student and family contact details, teaching documents, and school budgets.
Cyber Daily has reached out to Reynella East College but has yet to receive a response from the school.
Who is Interlock?
Interlock has been around since at least late 2024 and has listed 111 ransomware victims since then, mostly in the education and manufacturing sectors in the United States and Canada. Reynella East College appears to be the group’s first Australian victim.
“We have taken control of your systems, encrypted your critical files, and extracted sensitive data,” the group said in its ransom note.
“This is a pivotal moment for your organisation – your actions now will determine the outcome.”
Interlock is known to gain initial access via a mix of social engineering and compromised websites, particularly using the ClickFix technique, which tricks victims using fake CAPTCHA challenges.
The group uses double-extortion techniques to pressure its victims, encrypting data and then threatening to publish it online. Evidence collected by the FBI suggests links between Interlock and the Rhysida ransomware operation.
What is Reynella East College?
Based in the southern suburbs of Adelaide, Reynella East College teaches children from preschool to Year 12, and it currently has more than 1,900 students enrolled.
The school offers international and study-abroad programs, hosts community events, and offers facility hire services.
On 9 June, the college began sending out letters to parents and carers outlining a cyber incident that had disrupted many of its online systems.
“Dear Reynella East College parents and carers, there has been a cyber security breach impacting all of our school’s computer systems,” the letter, co-signed by the school’s principal and chief information officer, said.
“The Department for Education is working closely with our school and specialist teams to understand what has happened and restore systems as quickly as possible.
“It is unlikely our school’s ICT systems will be back online this week.”
David Hollingworth
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.