[BreachExchange] University of Utah hit by ransomware, pays $457K ransom

Destry Winant destry at riskbasedsecurity.com
Mon Aug 24 10:31:13 EDT 2020


https://www.bleepingcomputer.com/news/security/university-of-utah-hit-by-ransomware-pays-457k-ransom/

The University of Utah has paid a $457,000 ransom to prevent
threat actors from releasing files stolen during a ransomware attack.

In a 'data security incident' notification posted today, the
University of Utah disclosed that they were attacked by ransomware on
Sunday, July 19, 2020.

"On Sunday, July 19, 2020, the university’s College of Social and
Behavioral Science (CSBS) was notified by the university’s Information
Security Office (ISO) of a ransomware attack on CSBS computing
servers. Content on the compromised CSBS servers was encrypted by an
unknown entity and no longer accessible by the college," the
University of Utah disclosed.

The attack encrypted the servers in the university's College of Social
and Behavioral Science (CSBS) department. As part of the attack, the
threat actors stole unencrypted data before encrypting computers.

Since the end of 2019, ransomware operators have started stealing
unencrypted files before deploying their ransomware. The ransomware
gang then threatens the victims by saying they will publicly leak the
stolen files if a ransom is not paid.

As the stolen data contained student and employee information, the
university decided to pay the ransom to prevent it from being leaked.

"After careful consideration, the university decided to work with its
cyber insurance provider to pay a fee to the ransomware attacker. This
was done as a proactive and preventive step to ensure information was
not released on the internet," the university stated in its data
security incident notification.

The university states that their cyber insurance policy paid a ransom
of $457,059.24 USD and that no "tuition, grant, donation, state or
taxpayer funds were used to pay the ransom."

Not only a ransomware attack but also a data breach

Ransomware operators typically keep their side of the bargain and do
not disclose the information stolen during these attacks if a ransom
has been paid.

With that said, this is a data breach, and those affected must act
accordingly to protect their data, credit history, and other accounts.

There is nothing to say that the threat actors will not use the stolen
data for their own purposes, such as identity theft and phishing
attacks against students and employees.

Due to this, it is strongly suggested that all students and employees
in the College of Social and Behavioral Science (CSBS) carefully
monitor their credit history for fraudulent activity and change any
passwords that they utilize online.

The University of Utah is not alone in recently paying a ransom.

In June 2020, UC San Francisco paid a $1.14 million ransom payment to
receive a decryptor and recover their files.

