The University of Utah has been the latest victim of ransomware attacks targeting higher education, prompting it to pay its attackers almost half a million dollars to avoid having its data leaked.
The University of Utah paid extortionists almost half a million dollars after a ransomware attack on some of its computer servers and is now telling students, staff and faculty to change their university passwords.https://t.co/bYahZ8o32x— The Salt Lake Tribune (@sltrib) August 21, 2020
In a statement released by the University, it confirmed that an unknown entity hacked the College of Social and Behavioral Science servers on July 19, making it to be temporarily inaccessible for several hours. “It was determined that approximately .02% of the data on the servers was affected by the attack. This data included employee and student information. The ISO assisted the college in restoring locally managed IT services and systems from backup copies. No central university IT systems were compromised by the attack on the college,” the university said.
The staff, as reported by Cointelegraph, took servers offline to prevent the malware from spreading to other equipment on the campus network, and to ensure its data will remain safe from a possible leak, the university paid an amount of $457,059.24 after thorough internal discussions were made. In the statement, the management explained where the funds came from to cover the ransom, “The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom.” In line with this attack on its computers servers and as precautionary measures, school authorities advised its students, faculty, and staff to change their account’s passwords.
As of press time, the university did not disclose further information about the transaction made between the hackers and did not specify whether they paid in cash or crypto. Decrypt shared that one cybersecurity expert believes the hackers likely demanded Bitcoin.
According to the source, the potential gang involved in this ransomware was NetWalker. They have been the same gang behind Michigan State University’s attack, who refused to pay the ransom amidst the group’s threats of student information and financial statement data leak.