Cyber Incident Victim: De La Salle College
Date:
Nov 2022
Location:
Jersey
Summary
De La Salle College experienced a ransomware attack that encrypted its data and locked the institution out of its systems, with attackers demanding payment for decryption. The school confirmed no evidence of data exfiltration but acknowledged the encryption rendered its systems inaccessible, prompting collaboration with cybersecurity authorities and mandatory notifications. Jersey’s Cyber Emergency Response Team provided support, emphasizing ransomware’s prevalence and noting attackers often exploit system vulnerabilities rather than relying solely on phishing. The incident underscored risks posed by outdated infrastructure and the critical need for proactive defenses, though the ransom amount remained undisclosed by the college.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
De La Salle College in Jersey experienced a ransomware attack on or around November 24, 2022, which resulted in the encryption of its data and a complete loss of access to its systems. The attackers demanded a ransom payment in exchange for decrypting the data, though the school declined to disclose the specific amount requested. The incident was publicly confirmed by the school on December 1, 2022, when it stated there was no current evidence suggesting any data had been exfiltrated from its systems. Jersey's Cyber Emergency Response Team (CERT) Director Matt Palmer characterized the event as a typical ransomware operation where attackers encrypt victim data to extort payment, while acknowledging that payment doesn't guarantee data recovery. The school engaged with relevant authorities and completed all required notifications regarding the breach, though it provided no details about which specific systems or operational functions were disrupted by the attack.
The college maintained limited public communication about the incident, stating it would not provide further updates until new information became available. CERT.JE emphasized that such attacks occur regularly and advised that vulnerabilities in outdated systems often serve as entry points, rather than exclusively relying on phishing techniques. While the school's statement focused on the encryption impact and lack of system access, it did not specify whether academic operations were disrupted or whether backups existed to facilitate recovery. Palmer highlighted standard protective measures including system updates, two-factor authentication, and segregated backups during his public comments about the incident, though these recommendations were framed as general guidance rather than commentary on the school's specific preparedness. The cybersecurity authority's involvement confirmed the incident's classification as ransomware, but no attribution to specific threat actors or technical details about the attack vector were disclosed by either the school or CERT.JE in available statements.