Ransomware Strikes Three US Universities

Published at: June 4, 2020

A ransomware gang claims to have successfully attacked three universities within the last seven days. They say that their latest attack was against the University of California San Francisco, or UCSF, on June 3.

Cointelegraph had access to the evidence published by NetWalker, a group of hackers, on their official dark web blog. In this blog, they claimed to have stolen sensitive data, including student names, social security numbers, and financial information.

NetWalker threatened to leak the data in less than a week if crypto payment in Bitcoin (BTC) is not made. The information is from Michigan State, Columbia College of Chicago, and UCSF.

Educational services and ransomware attacks

As of press time, Michigan State University’s data was also reportedly stolen. The group is also threatening to release student data, according to the countdown displayed on NetWalker’s blog site.

Source: Brett Callow’s research

Speaking with Cointelegraph, Brett Callow, threat analyst at malware lab Emsisoft and one of the first experts who spotted the massive attack, says that ransomware attacks in the education sector are an “enormously disruptive and costly problem.”

He cites Emsisoft’s latest data, which states that in 2019, at least 89 universities, colleges, and school districts were impacted by ransomware. He suspects that up to 1,233 individual schools were potentially affected.

Callow adds that the trend is continuing into 2020 with at least 30 universities, colleges, and school districts already impacted this year. Regarding the attack on the three US universities, Emsisoft’s threat analyst warned:

“(…) Even if the universities do pay, that will not solve the problem as they will only have a pinky promise.”

University leading COVID-19-related antibody tests attacked

UCSF confirmed to Bloomberg that they were the target of an “illegal intrusion,” although they did not provide further details about the attack.

The educational institution is one of the universities leading antibody testing and clinical trials for possible coronavirus treatments.

Callow advises the education sector that systems should be promptly patched, email filtered, PowerShell disabled when not needed, and MFA used everywhere that it can be used. He adds that adhering to well-established best practices can “significantly reduce the likelihood of an organization being successfully attacked.”

The Emsisoft analyst adds the following regarding the threat level of recent ransomware attacks:

“Every time a ransom is paid, the criminals become more motivated and better resourced. The only way to stop ransomware attacks is to cut off the cash flow, and that means organizations must improve their security so as not to be in the position of needing to pay ransoms.”

Recently, Cointelegraph reported the latest findings of Verizon’s 2020 Data Breach Investigations Report, which revealed that education services worldwide have been witnessing a surge in ransomware attacks in 2020.
