Ransomware Attack Forces University Of Utah To Pay $457,059

ransomware attack university of utah paid ransom

The University of Utah became the latest educational institution to fall victim to ransomware attacks. The university revealed that a group of cybercriminals targeted the College of Social and Behavioral Science (CSBS), rendering its servers inaccessible. The attack took place on July 19 and follows a string of similar malware offensives that hit other universities. That includes Michigan State, the University of California at San Francisco, Columbia College Chicago, and the City University of Seattle. 

According to a university statement on Thursday, the ransomware attack only affected 0.2% of the data on the servers. It included student and employee information. Once The U discovered the breach, it contacted law enforcement agencies and the Information Security Office. The latter launched an investigation in cooperation with an external firm that specializes in this type of attack. And as a precautionary measure, the University of Utah advised all students, employees, and faculty to change their passwords. It added that the ransomware attack did not hit any central IT systems. 

Ransomware is a type of malware that hijacks and encrypts your files and data. And the only way to get them back is by paying a ransom. Cybercriminals usually resort to phishing, the impersonation of a legitimate entity or employee, to infiltrate your device. They trick you into clicking a malicious link that you receive via email. If you refuse to pay the ransom, hackers will release the obtained data to the public. 

The University of Utah suffered similar extortion. The data that the ransomware gang acquired was backed up, according to the university, and employees were able to restore IT services and systems. However, the attackers threatened to publicize the stolen document, forcing The U officials to reconsider their decision of not paying the ransom. In the end, the university decided to pay the ransomware gang $457,059 to avoid any student or employee data leak. 

“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet,” the statement read. “No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” it added. The University of Utah did not pay the entire fee, though, as its cyber insurance policy covered part of it. 

Who Was Behind The Attack? 

The university didn’t point any fingers as to which side was behind the attack. However, Emsisoft threat analyst Brett Callow believes it was a gang called NetWalker. The group has been linked with several similar attacks on large organizations. That includes educational institutions like the University of California at San Francisco, which paid $1.14 million as ransom this June, Michigan State, the City University of Seattle, and Columbia College Chicago. NetWalker has reportedly made around $25 million from ransomware attacks this year. 

But Callow believes that paying cybercriminals isn’t a wise move. “All what organizations are paying for in this scenario is a pinky promise from a bad faith actor that the stolen data will be destroyed,” he said. The threat analyst doesn’t think hackers destroy the data once the ransom is paid because they could use it in other attacks. 

Use A VPN To Improve Your Cybersecurity

To increase your online privacy and security, use a VPN, a cybersecurity tool that encrypts your online activities, and conceals your location and identity. TheVPN.Guru offers the latest VPN reviews and how-to guides, in addition to technology news.

Bootstrap Business Blog Newest Posts From Mike Schiemer, Partners, & Blog Outreach Services