Utah University Pays Half Million Dollar Ransom Demand

Uploaded on 2020-08-26 in TECHNOLOGY--Hackers, NEWS-News Analysis, FREE TO VIEW

In a 'data security incident' notification posted the University of Utah has disclosed they were successfully attacked with ransomware on July 19 and the University has now revealed that it paid cyber criminals $457,000 in order to avoid having hackers leak student information online. The stolen data contained student and employee information and the university management decided to pay the ransom to prevent it from being leaked. 

The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom."

The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files as part of an extortion scheme. In a statement posted on the University website, it said that it had actively dodged a major ransomware incident and that the hackers managed to encrypt only 0.02% of the data stored on its servers. 

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which, in turn, made university management change their approach towards not paying the attackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the university said. 

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from their networks before encrypting it.

If the victim, usually a large company, refuses to pay, the ransomware gangs threaten to leak the information online, on so-called "leak sites" and then tip journalists about the company's security incident. Because more organisations are now better prepared to recover from a ransomware attack by using backups to regain access to data that was encrypted, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.

Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom had been paid.

The University of Utah is not alone in recently paying ransom payments. In June UC San Francisco paid $1.14 million ransom to receive a decryptor and recover their files. The attacks on hospitals and healthcare organisations aren’t about to stop soon, and it’s not just a challenge in the United States.  Recently, European Commission President Ursula von der Leyen said China has been hacking hospitals and health care providers throughout the pandemic and has for the first time applied sanctions against various named attackers, including two Chinese citizens.

When it comes to data breaches, healthcare organisations have a somewhat different mix of threat actors they face. According to the 2019 Verizon Data Breach Investigations Report (DBIR), the majority of data breaches in healthcare involve internal actors, or trusted insiders.  The DBIR found that 59% of data breaches in healthcare involved someone on the inside, and 4% trusted partners. 

British And Canadian Colleges Also Attacked

In the UK a higher education college suffered "a significant malicious cyber-attack" which meant the students could not access their GCSE and other exam results online.Myerscough College, in Lancashire that specialises in sports, equine studies and agriculture, said it meant staff had to email each student individually with their grades.

 Data from the Royal Military College (RMC) of Canada was leaked on the Dark Web recently, after the institution was targeted by a cyber security attack in early July this year, while the British University of Lancaster reported to separate incidents last year, where student records were breached.

ZDNet:    Global News:    BBC:    BankInfoSecurity:    Security Boulevard:     Bleeping Computer:    The Cyberwire:   ZDNet

 You Might Also Read:

Universities That Teach Cyber Security At Risk:

 

« TikTok Threatens Legal Action Against US Ban
NZX Stock Market Knocked Offline »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

ICS2

ICS2

ICS² is the first cyber security company focusing on protecting the control system of power, oil, gas, and petrochemicals plants.

NetFort

NetFort

NetFort provides software products to monitor activity on virtual and physical networks.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

PeckShield

PeckShield

PeckShield is a blockchain security company which aims to elevate the security, privacy, and usability of entire blockchain ecosystem by offering top-notch, industry-leading services and products.

SK Shieldus

SK Shieldus

SK shieldus are a converged security provider with business capabilities in both cybersecurity and physical security based on Big-Tech.

Aiden Technologies

Aiden Technologies

Aiden simplifies your IT process, giving you peace of mind and security by ensuring your computers get exactly the software they need and nothing else.

Cloudflare

Cloudflare

Cloudflare is a global network designed to make everything you connect to the Internet secure, private, fast, and reliable.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.