What just happened? Universities are becoming an increasingly popular — and seemingly profitable — attack surface. The University of Utah is the latest educational institution to be accosted by a ransomware attack. While the “unknown entity” who perpetrated the attack hasn’t been identified, it’s likely the same ransomware gang responsible for similar attacks on other universities as of late.
In a statement provided on its website, The University of Utah disclosed that it paid $457,059.24 in order to mitigate the ransomware attack. The university said that it “decided to work with its cyber insurance provider to pay a fee to the ransomware attacker” in an attempt to prevent sensitive data from being released online.
In summarizing the timeline of the attack, the university stated that on Sunday, July 19, 2020, the university’s Information Security Office (ISO) was notified of an attack on the College of Social and Behavioral Science (CSBS) servers. Data on the CSBS servers had been encrypted by an attacker, and was no longer accessible by the college.
The CSBS servers were immediately isolated from the rest of the network and the internet, while the university performed an investigation and notified law enforcement. It has since been determined that roughly .02 percent of data stored on the servers was compromised in the attack. The affected data included potentially sensitive information on employees and students. The university’s Information Security Office worked with an external firm specializing in ransomware attacks to resolve the incident, and is reporting that no other IT systems on campus were affected.
The University of Utah paid extortionists almost half a million dollars after a ransomware attack on some of its computer servers and is now telling students, staff and faculty to change their university passwords.https://t.co/bYahZ8o32x
— The Salt Lake Tribune (@sltrib) August 21, 2020
The University of Utah is just the latest higher education target for ransomware attacks, as both Michigan State and the University of California at San Francisco have also recently suffered ransomware attacks. It’s usually recommend that ransomware targets don’t crack under the pressure to pay. However, in some cases, victims will opt to a pay a ransom in an attempt to mitigate the fallout.
In the case of the University of California at San Francisco, the college opted to pay a ransom fee of $1.14M to secure confidential research files. Regarding the University of Utah, paying the ransomware fee was likely cheaper than the potential litigation resulting from a data breach affecting staff and students.
In all of the above mentioned cases, the NetWalker ransomware gang is believed to be responsible. It’s estimated that NetWalker has amassed more than $25M as a result of ransomware attacks this year alone. Ransomware attacks continue to rise and are becoming both more sophisticated and costly.
Image credit: Michael Gordon