Utah University Pays Half Million Dollar Ransom Demand

In a 'data security incident' notification, the University of Utah has disclosed that it was successfully attacked with ransomware on July 19, and it has now revealed that it paid cyber criminals $457,000 to avoid having the hackers leak student information online. The stolen data contained student and employee information, and university management decided to pay the ransom to prevent it from being leaked.

The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom."

The incident is the latest in a long string of ransomware attacks in which criminal groups steal sensitive files from the hacked companies before encrypting their files as part of an extortion scheme. In a statement posted on its website, the university said that it had actively dodged a major ransomware incident and that the hackers managed to encrypt only 0.02% of the data stored on its servers.

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which in turn made university management change its approach of not paying the attackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the university said.

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from victims' networks before encrypting it.

If the victim, usually a large company, refuses to pay, the ransomware gangs threaten to leak the information online, on so-called "leak sites", and then tip off journalists about the company's security incident. Because more organisations are now better prepared to recover from a ransomware attack by using backups to regain access to data that was encrypted, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.

Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom has been paid.

The University of Utah is not alone in recently paying a ransom. In June UC San Francisco paid a $1.14 million ransom to receive a decryptor and recover their files. The attacks on hospitals and healthcare organisations aren't about to stop soon, and it's not just a challenge in the United States. Recently, European Commission President Ursula von der Leyen said China has been hacking hospitals and health care providers throughout the pandemic, and sanctions have for the first time been applied against various named attackers, including two Chinese citizens.

When it comes to data breaches, healthcare organisations have a somewhat different mix of threat actors they face. According to the 2019 Verizon Data Breach Investigations Report (DBIR), the majority of data breaches in healthcare involve internal actors, or trusted insiders. The DBIR found that 59% of data breaches in healthcare involved someone on the inside, and 4% trusted partners.

British And Canadian Colleges Also Attacked

In the UK, a higher education college suffered "a significant malicious cyber-attack", which meant the students could not access their GCSE and other exam results online. Myerscough College in Lancashire, which specialises in sports, equine studies and agriculture, said it meant staff had to email each student individually with their grades.

Data from the Royal Military College (RMC) of Canada was leaked on the Dark Web recently, after the institution was targeted by a cyber security attack in early July this year, while the British University of Lancaster reported two separate incidents last year, where student records were breached.

ZDNet | Global News | BBC | BankInfoSecurity | Security Boulevard | Bleeping Computer | The Cyberwire | ZDNet
