Utah University Pays Half Million Dollar Ransom Demand

Uploaded on 2020-08-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

In a 'data security incident' notification posted the University of Utah has disclosed they were successfully attacked with ransomware on July 19 and the University has now revealed that it paid cyber criminals $457,000 in order to avoid having hackers leak student information online. The stolen data contained student and employee information and the university management decided to pay the ransom to prevent it from being leaked. 

The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom."

The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files as part of an extortion scheme. In a statement posted on the University website, it said that it had actively dodged a major ransomware incident and that the hackers managed to encrypt only 0.02% of the data stored on its servers. 

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which, in turn, made university management change their approach towards not paying the attackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the university said. 

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from their networks before encrypting it.

If the victim, usually a large company, refuses to pay, the ransomware gangs threaten to leak the information online, on so-called "leak sites" and then tip journalists about the company's security incident. Because more organisations are now better prepared to recover from a ransomware attack by using backups to regain access to data that was encrypted, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.

Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom had been paid.

The University of Utah is not alone in recently paying ransom payments. In June UC San Francisco paid $1.14 million ransom to receive a decryptor and recover their files. The attacks on hospitals and healthcare organisations aren’t about to stop soon, and it’s not just a challenge in the United States.  Recently, European Commission President Ursula von der Leyen said China has been hacking hospitals and health care providers throughout the pandemic and has for the first time applied sanctions against various named attackers, including two Chinese citizens.

When it comes to data breaches, healthcare organisations have a somewhat different mix of threat actors they face. According to the 2019 Verizon Data Breach Investigations Report (DBIR), the majority of data breaches in healthcare involve internal actors, or trusted insiders.  The DBIR found that 59% of data breaches in healthcare involved someone on the inside, and 4% trusted partners. 

British And Canadian Colleges Also Attacked

In the UK a higher education college suffered "a significant malicious cyber-attack" which meant the students could not access their GCSE and other exam results online.Myerscough College, in Lancashire that specialises in sports, equine studies and agriculture, said it meant staff had to email each student individually with their grades.

 Data from the Royal Military College (RMC) of Canada was leaked on the Dark Web recently, after the institution was targeted by a cyber security attack in early July this year, while the British University of Lancaster reported to separate incidents last year, where student records were breached.

ZDNet:    Global News:    BBC:    BankInfoSecurity:    Security Boulevard:     Bleeping Computer:    The Cyberwire:   ZDNet

 You Might Also Read:

Universities That Teach Cyber Security At Risk:

 

« TikTok Threatens Legal Action Against US Ban
NZX Stock Market Knocked Offline »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Trust in Digital Life (TDL)

Trust in Digital Life (TDL)

TDL is a membership association comprising companies, SMEs, universities and research institutes who exchange experience and insights to make digital services in Europe trustworthy and safe.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

Sysdig

Sysdig

With Sysdig teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance.

Miradore

Miradore

Miradore is a software company specializing in effective, cloud-based device management. Our goal is to help IT Service Providers and IT departments secure and control devices.

Kratikal

Kratikal

Kratikal provides a complete suite of manual and automated security testing services.

Sabat Group

Sabat Group

Sabat Group provide relationship-driven information security & cyber security recruiting services.

Hunter Strategy

Hunter Strategy

Hunter Strategy focuses on delivering solutions that are concise, scalable, and target our customer’s complex technical challenges.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.

Slide

Slide

Slide is a modern, security-first Business Continuity & Disaster Recovery (BCDR) company built exclusively for Managed Service Providers.

Utilize

Utilize

Utilize is an award-winning technology company with over 25 years of industry expertise, we support hundreds of businesses across London and the South East.

Dark Entry

Dark Entry

Dark Entry provide solutions to safeguard businesses, leveraging advanced technologies and intelligence-driven approaches to detect and mitigate risks associated with compromised data.