Even with backups, ransomware can cost thousands

Breach at University of Utah demonstrates the dangers of ransomware

Ransomware is costly.

The University of Utah recently paid an enormous lump-sum ransom of over $400,000 USD to a team of hackers. The hackers threatened to publish stolen data and made their demands clear. To avoid catastrophe, the University paid.

The problem did not occur because the University lacked cybersecurity procedures. In fact, a stringent backup plan was in place for just such a disaster. According to a statement released by the University, it was able to keep the vast majority of its data from theft: compromised information totaled only 0.02 percent. So what pushed the University into paying the ransom?

A malicious approach

The University was coerced into paying the demanded ransom because the attackers threatened to publish private data. This tactic is gaining popularity as attackers grow more aggressive. Essentially, they threaten to sell any stolen information online, exposing personal details. Even with such a small share of data compromised, this risk was still too high for the University.

After discussing options with its insurance provider, the University paid the ransom, which totaled $457,059. No tuition or other expense on behalf of students was used to pay the amount.

According to the University, the attack took place on July 19, 2020 and targeted the College of Social and Behavioral Science network.

The attackers

While the University did not disclose the attackers responsible, experts speculate it was Netwalker. Netwalker is a prolific team of hackers using ransomware strategies to compromise victims.

An expert from Emsisoft, Brett Callow, provided evidence pointing to Netwalker as the culprit. Netwalker is responsible for multiple costly cyberattacks earlier in 2020, with victims including the University of California at San Francisco and Michigan State. The pattern is consistent with its targeting of education-based networks (primarily universities and colleges).

Callow was critical of the University of Utah’s decision to pay the ransom. Paying ransoms can encourage bad actors to continue their malicious activity, as it demonstrates their methods have a direct payoff. Given the choice between compromising private data and paying, obviously, UoU chose the latter.

Another cautionary tale

The aftermath doesn’t paint a hopeful picture. Digital robbers made good on their attack and ran away with nearly $500,000 in payouts. Even with such limited encryption (less than one percent), the benefit for malicious third parties is obvious. Paying the ransom justifies their efforts, showing they can make a large financial gain with minimal intrusion.

Even with preliminary defenses in place, the University of Utah faced a difficult decision. However, its backup methods and response to the crisis are absolutely worth championing. Had the university network lacked sufficient policies and BDR plans, this intrusion could have been far more devastating. Ultimately, the University valued the privacy of its student base over all else.

In a complicated circumstance, the University made the best possible decision they could. 

Attacks such as these are all too common, unfortunately, and target different networks. As you can see, even school databases are up for grabs, demonstrating the dangers of ransomware and malicious third parties.

If you’re sweating compromised data, you should talk with a team of IT experts. Bytagig is here to help, and you can contact us today.
