Michigan State University Hit by Ransomware, Refuses to Pay Criminals

Published at: June 11, 2020

In early June, media outlets reported that the NetWalker ransomware gang had attacked Michigan State University (MSU). At the time, the gang threatened to leak students’ records and financial documents. University officials have now said that they will not pay the ransom.

According to the Detroit Free Press, MSU will not pay the unspecified ransom that the group demanded in cryptocurrency. Officials did not publish an official statement addressing the reasons behind the decision.

The attack seems to have happened on the U.S. Memorial Day holiday. It shut down MSU’s computer systems and breached its security, compromising data mainly from the Department of Physics and Astronomy.

Hackers threaten to leak the stolen data

Michigan State Police are currently providing technical assistance and sharing information with federal officials, as per local media.

The gang reportedly published a countdown clock that warns they will leak stolen data if MSU does not pay the ransom. The hackers have since published proof that they are able to access the stolen documents.

Speaking with Cointelegraph, Allan Liska, solutions architect at cybersecurity firm Recorded Future, explained how NetWalker operates:

“NetWalker is part of a new breed of ransomware families, the actors are generally sophisticated and have a good deal of insight into how corporate networks operate. They take their time once they are inside a network and they know which data to extract to force an extortion payment if the victim will not pay the ransom.”

The cybersecurity firm further highlights that schools, in general, have been targeted for a long time by ransomware gangs:

“Part of that is ease of entry, whether you are talking about grade school, high school or college there are generally many internet-facing systems associated with a school. There is also often little budget for security, meaning attackers have lots of opportunity to gain access. Computing services are also increasingly critical to the functioning of the school. In the United States we saw a rash of ransomware attacks against school systems in August and September of 2019.”

Should the victims pay the ransom?

Liska says that paying the ransom is ultimately a “business decision,” and it comes down to a matter of risk management. However, the solutions architect of Recorded Future noted:

“Whether an organization decides to pay the ransom or not, it is important to remember that you are dealing with criminals, paying the ransom doesn’t always guarantee that your files will be unencrypted and it doesn’t always mean that stolen files won’t eventually be sold on underground forums anyway. Sadly, there are no good answers once the files have left your organization’s network.”

On June 10, city officials of Florence, Alabama stated their intention to pay a ransom of nearly $300,000 in Bitcoin (BTC). They cited concerns that failing to do so could result in private citizens’ data being leaked after a ransomware attack by DoppelPaymer.

Cointelegraph also reported on June 3 that the NetWalker ransomware group targeted three US-based universities.
