By stating on its dark web data leak site on Wednesday, April 26, that it had stolen 20GB of the companys data, including personal information of employees and students, and threatening to publish the data early next week, the Royal Ransomware claimed to have infiltrated public school management and virtual learning provider Edison Learning.
According to cybersecurity expert Doug Levin, national director of K12 Security Information Exchange and member of CISAs Cybersecurity Advisory Committee, when Royal and similar ransomware groups publish such warnings, it usually means they have made a ransomware demand and may be in negotiations with the targeted organisation.