Utah University Pays Half Million Dollar Ransom Demand

In a 'data security incident' notification posted the University of Utah has disclosed they were successfully attacked with ransomware on July 19 and the University has now revealed that it paid cyber criminals $457,000 in order to avoid having hackers leak student information online. The stolen data contained student and employee information and the university management decided to pay the ransom to prevent it from being leaked. 

The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom."

The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files as part of an extortion scheme. In a statement posted on the University website, it said that it had actively dodged a major ransomware incident and that the hackers managed to encrypt only 0.02% of the data stored on its servers. 

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which, in turn, made university management change their approach towards not paying the attackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the university said. 

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from their networks before encrypting it.

If the victim, usually a large company, refuses to pay, the ransomware gangs threaten to leak the information online, on so-called "leak sites" and then tip journalists about the company's security incident. Because more organisations are now better prepared to recover from a ransomware attack by using backups to regain access to data that was encrypted, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.

Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom had been paid.

The University of Utah is not alone in recently paying ransom payments. In June UC San Francisco paid $1.14 million ransom to receive a decryptor and recover their files. The attacks on hospitals and healthcare organisations aren’t about to stop soon, and it’s not just a challenge in the United States.  Recently, European Commission President Ursula von der Leyen said China has been hacking hospitals and health care providers throughout the pandemic and has for the first time applied sanctions against various named attackers, including two Chinese citizens.

When it comes to data breaches, healthcare organisations have a somewhat different mix of threat actors they face. According to the 2019 Verizon Data Breach Investigations Report (DBIR), the majority of data breaches in healthcare involve internal actors, or trusted insiders.  The DBIR found that 59% of data breaches in healthcare involved someone on the inside, and 4% trusted partners. 

British And Canadian Colleges Also Attacked

In the UK a higher education college suffered "a significant malicious cyber-attack" which meant the students could not access their GCSE and other exam results online.Myerscough College, in Lancashire that specialises in sports, equine studies and agriculture, said it meant staff had to email each student individually with their grades.

 Data from the Royal Military College (RMC) of Canada was leaked on the Dark Web recently, after the institution was targeted by a cyber security attack in early July this year, while the British University of Lancaster reported to separate incidents last year, where student records were breached.

ZDNet:    Global News:    BBC:    BankInfoSecurity:    Security Boulevard:     Bleeping Computer:    The Cyberwire:   ZDNet

 You Might Also Read:

Universities That Teach Cyber Security At Risk:

 

« TikTok Threatens Legal Action Against US Ban
NZX Stock Market Knocked Offline »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

King & Spalding

King & Spalding

King & Spalding is an international law firm with offices in the United States, Europe and the Middle East. Practice areas include Data, Privacy & Security.

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

Miller Group

Miller Group

Miller Group is an IT managed service provider. We proactively monitor and manage your entire business computer network. Services include backup & recovery and cyber security.

Cyber adAPT

Cyber adAPT

Cyber adAPT offers a leading network threat detection platform (NTD) to the enterprise and ODM/OEM markets.

CLUSIS

CLUSIS

CLUSIS is an association for the information security industry in Switzerland.

Center for Identity - University of Texas at Austin

Center for Identity - University of Texas at Austin

The mission of the Center is to deliver the highest-quality discoveries, applications, education, and outreach for excellence in identity management, privacy, and security.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

Armorblox

Armorblox

Armorblox stops targeted email attacks such as 0-day credential phishing, payroll fraud, vendor fraud, and other threats that get past legacy security controls.

PizzlySoft

PizzlySoft

PizzlySoft is a global company that is seeking convergence of network and security / software and hardware. We put our value on creating the best security.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Stripe OLT

Stripe OLT

At Stripe OLT, we provide complete business technology solutions - Our team has an unrivalled reputation as a Microsoft Gold Partner, specialising in secure, cloud-first technology.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

Two99

Two99

Two99 provide tailored excellence in the areas of E-Commerce, Marketing, Consulting, and Cyber Security.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.