-
A ransomware group, Gunra, boasts 650GB of internal credentials stolen from a South Korean University, Inha University.
-
The attack breached the official webpage of the university for 14 hours; leaking sensitive details of staff and students.
-
Similarly, a different ransomware attack hit a school in Virginia registered as Manassas Park City Schools; compromised financial data, Social Security numbers, etc.
On December 29, a South Korean University acknowledged a ransomware attack on its academic information network by a group called Gunra. The bad actors deployed a breach at 6:50 a.m. on December 28, which made it difficult for users to surf to the official webpage of the university for 14 hours straight.
Gunra made bold claims via the “dark web.” The group stated it had hijacked 650GB of internal data of Inha University. They backed up their claim by disclosing an excerpt containing personal information of university members.
This isn’t Gunra’s first rodeo. The group previously claimed responsibility for hacking Seoul Guarantee Insurance Company and stealing internal data.
However, Seoul Guarantee Insurance Company disputed that claim at the time, stating there were no indications that large volumes of internal information had been leaked.
University Officials Speak Up Amid Hackers’ Negotiation Proposals
According to reports, Gunra reached out to Inha University directly via email and proposed negotiations. This happened 24 hours following the attack. University officials instantly sent reports to the Ministry of Education as well as the Korea Internet & Security Agency (KISA).
Given the volume of data at stake, they further reported to the Personal Information Protection Commission.
An Inha University official speaks up about their efforts to verify the data theft claims. The official also hinted at continued investigation regarding the cause of the incident and what’s at stake.
Virginia Schools Hit With Similar Nightmare
On June 12, 2025, a ransomware hit Manassas Park City Schools in Virginia. Bad actors jeopardized its network, which allowed them to encode parts of the school’s systems with ransomware. The report says the hit went unnoticed for two days until June 14.
While the school district has not announced how many staff members, students, and third parties were affected, the attack jeopardized sensitive credentials. This included full names or first initial and last name combinations, Social Security numbers, passport numbers, as well as financial account information—precisely the kinds of data that, when leaked, fuel downstream crimes like the fake ID extortion scams surging in India.
MPCS reported to the FBI Cyber Division alongside the Virginia Fusion Center. Furthermore, the school district issued warnings across the community, admonishing victims to take prompt protective steps such as reviewing account statements and monitoring their credit reports.
The Growing Threat to Education
Educational institutions house vast amounts of sensitive data but often have inadequate cybersecurity infrastructure, making them attractive targets for bad actors. These attacks are a global issue, with breaches often affecting millions, as seen in the major data breach at the University of Phoenix that exposed 3.5 million individuals’ information.
Without a doubt, the location and timing of these attacks are different. Still, the impact is devastating. It isn’t only the institutions in South Korea or the school districts in Virginia; other attacks have even exposed decades’ worth of sensitive student and staff records in massive district-level breaches. It’s clear that no educational institution is exempt from these nefarious incidents. The question now is whether schools will invest in stronger defenses before the next attack hits.
