BreachExchange mailing list archives
University of Utah hit by ransomware, pays $457K ransom
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 24 Aug 2020 09:31:13 -0500
https://www.bleepingcomputer.com/news/security/university-of-utah-hit-by-ransomware-pays-457k-ransom/ The University of Utah has paid a $457,000 ransomware to prevent threat actors from releasing files stolen during a ransomware attack. In a 'data security incident' notification posted today, the University of Utah disclosed that they were attacked by ransomware on Sunday, July 19, 2020. On Sunday, July 19, 2020, the university’s College of Social and Behavioral Science (CSBS) was notified by the university’s Information Security Office (ISO) of a ransomware attack on CSBS computing servers. Content on the compromised CSBS servers was encrypted by an unknown entity and no longer accessible by the college," the University of Utah disclosed. The attack encrypted the servers in the university's College of Social and Behavioral Science (CSBS) department. As part of the attack, the threat actors stole unencrypted data before encrypting computers. Since the end of 2019, ransomware operators have started stealing unencrypted files before deploying their ransomware. The ransomware gang then threatens the victims by saying they will publicly leak the stolen files if a ransom is not paid. As the stolen data contained student and employee information, the university decided to pay the ransom to prevent it from being leaked. "After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet," stated in their data security incident notification. The university states that their cyber insurance policy paid a ransom of $457,059.24 USD and that no "tuition, grant, donation, state or taxpayer funds were used to pay the ransom." Not only a ransomware attack but also a data breach Ransomware operators typically keep their side of the bargain and do not disclose the information stolen during these attacks if a ransom had been paid. With that said, this is a data breach, and those affected must act accordingly to protect their data, credit history, and other accounts. There is nothing to say that the threat actors will not use the stolen data for their own purposes, such as identity theft and phishing attacks against students and employees. Due to this, it is strongly suggested that all students and employees in the College of Social and Behavioral Science (CSBS) carefully monitor their credit history for fraudulent activity and change any passwords that they utilize online. The University of Utah is not alone in recently paying ransom payments. In June 2020, UC San Francisco paid a $1.14 million ransom payment to receive a decryptor and recover their files. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- University of Utah hit by ransomware, pays $457K ransom Destry Winant (Aug 24)