The University of Utah has released a notice updating its community of faculty and students on a serious ransomware incident. According to the notice, released Aug. 20, the University of Utah’s College of Social and Behavioral Science (CSBS) “experienced a criminal ransomware attack, which rendered its servers temporarily inaccessible.” This incident occurred on July 19 and caused roughly .02 percent of the data on the servers to be compromised. This data included private information on faculty and members of the student body. The notice states that a vulnerability was responsible for the ransomware infecting the servers.
On July 29, 10 days after the ransomware attack, the University of Utah sent out a campus-wide notice to all members of the community, instructing them to change their passwords. The University of Utah said that the order to change passwords came so late due to law enforcement’s suggestions during the investigation, specifically that “preparations had to be made to ensure that password resets went smoothly in each campus entity.”
The notice did not reveal who was responsible for the ransomware attack, but the University of Utah admitted it paid the ransom to the tune of $457,059.24. The money came from a cyber insurance policy. No other funds, such as tuition, were used to pay for the ransom, the University said.
In a statement to Threatpost’s Lindsey O’Donnell, a University of Utah spokesman said that they obtained the ransomware decryption key upon payment. They also had this to say about paying the ransom:
“Nonetheless, it [the decryption key] was not a main consideration in paying the ransom… We were able to recover nearly everything from backups, but it’s helpful to have the ability to decrypt and recover files created after the last backup… We continue to parse the data that was stolen, and we’ll update the [press release] with the findings of the analysis once it’s completed… While the attackers stole a small amount of data relative to the total amount of files stored, there are still many documents to examine thoroughly.”
The official position of most security professionals is that paying the ransom during a ransomware incident is the wrong move. What’s done is done in this case, but all the University of Utah has done is likely encourage its attackers to strike again. There is no guarantee that they, whoever was behind the attack, will not come back for seconds. Moreover, there is never a guarantee that attackers will hand over the decryption key once paid.
Ransomware is here to stay, so it’s critical that organizations around the world move to a unified, effective strategy to counter the inevitable attacks. Universities, in particular, are experiencing an uptick in ransomware attacks. As such, they need to implement these strategies soon.