Utah University Pays Half Million Dollar Ransom Demand

In a 'data security incident' notification, the University of Utah disclosed that it was successfully attacked with ransomware on July 19, and it has now revealed that it paid cyber criminals $457,000 to avoid having hackers leak student information online. The stolen data contained student and employee information, and university management decided to pay the ransom to prevent it from being leaked.

The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom."

The incident is the latest in a long string of ransomware attacks in which criminal groups steal sensitive files from hacked companies before encrypting their files as part of an extortion scheme. In a statement posted on its website, the university said that it had actively dodged a major ransomware incident and that the hackers managed to encrypt only 0.02% of the data stored on its servers.

The university said its staff restored from backups; however, the ransomware gang threatened to release student-related data online, which in turn led university management to abandon its approach of not paying the attackers. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the university said.

In an attempt to put additional pressure on hacked companies to pay ransom demands, several ransomware groups have also begun stealing data from victims' networks before encrypting it.

If the victim, usually a large company, refuses to pay, the ransomware gangs threaten to leak the information online on so-called "leak sites" and then tip off journalists about the company's security incident. Because more organisations are now better prepared to recover from a ransomware attack by using backups to regain access to encrypted data, attackers are also exfiltrating data and threatening to leak it if a ransom is not paid.

Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom has been paid.

The University of Utah is not alone in recently paying a ransom. In June, UC San Francisco paid a $1.14 million ransom to receive a decryptor and recover its files. The attacks on hospitals and healthcare organisations aren’t about to stop soon, and it’s not just a challenge in the United States. Recently, European Commission President Ursula von der Leyen said China has been hacking hospitals and health care providers throughout the pandemic and has for the first time applied sanctions against various named attackers, including two Chinese citizens.

When it comes to data breaches, healthcare organisations face a somewhat different mix of threat actors. According to the 2019 Verizon Data Breach Investigations Report (DBIR), the majority of data breaches in healthcare involve internal actors, or trusted insiders. The DBIR found that 59% of data breaches in healthcare involved someone on the inside, and 4% involved trusted partners.

British And Canadian Colleges Also Attacked

In the UK, a higher education college suffered "a significant malicious cyber-attack" which meant students could not access their GCSE and other exam results online. Myerscough College in Lancashire, which specialises in sports, equine studies and agriculture, said it meant staff had to email each student individually with their grades.

Data from the Royal Military College (RMC) of Canada was leaked on the Dark Web recently, after the institution was targeted by a cyber security attack in early July this year, while the British University of Lancaster reported two separate incidents last year, in which student records were breached.

Sources: ZDNet, Global News, BBC, BankInfoSecurity, Security Boulevard, Bleeping Computer, The Cyberwire
