Hive demands £500k from Wootton Academy Trust in ransomware attack

Russian-speaking ransomware-as-a-service gang Hive has reportedly demanded £500,000 from two sixth-form colleges in Bedfordshire, under threat of leaking stolen data online.

According to a report from security provider Recorded Future, parents of pupils at the two Wootton Academy Trust colleges have been contacted directly by members of Hive, warning that their children’s personal information would be leaked if the Trust fails to pay up.

However, the stolen data is so valuable that it may be sold on the dark web regardless of the Trust’s actions, Recorded Future told Tech Monitor.

The Trust’s executive principal Michael Gleeson confirmed the Hive ransomware attack in a letter to students and their parents. “I can now confirm that the Trust suffered a cyber incident and we are now in the process of putting in place a plan that will enable our IT system to be rebuilt.”

The Trust has informed the Information Commissioner’s Office and the police of the incident.

Hive ransomware attack on Wootton Academy Trust

The £500,000 ransom demand reflects the coverage of the Trust’s cyber insurance policy, which Hive found on its IT systems. “We are very well informed and precise in our operations, so we know that Wootton have cyber insurance that reaches £500k,” the gang said in its message to the parents.

In the past, this has been an effective tactic for ransomware groups, who have used details of their target’s cyber insurance policies to negotiate ransoms worth millions of pounds.

Now, though, cyber insurance policies rarely cover ransom payments, says Allan Liska, an intelligence analyst at Recorded Future. “A £500,000 cyber insurance policy does not mean that an insurance company will pay it,” he explains.

“The number of insurance companies that will pay a ransom directly has…