Scammers and hackers will do anything to make their money. It’s no longer enough for them to encrypt your files and demand a ransom; now they also steal your files and threaten to leak them if you refuse to pay.
This just recently happened at the University of Utah, and after restoring their files from backups, they still paid $475,059 to avoid student data being leaked.
While the sum they paid is probably less than the cost of the inevitable lawsuit had students’ financial information been leaked online, nobody wants to cave to ransom demands. Knowing they can walk away with large sums and no consequences is what continues to escalate the number of attacks we see on organizations by ransomware gangs.
The University of Utah’s attack is not uncommon; stealing sensitive files before encrypting the data is becoming a popular extortion scheme.
In this situation, “the hackers managed to encrypt only 0.02% of the data stored on its servers,” luckily for the University. It was then able to restore from backups and had no need to pay the ransom, until it faced the threat that student-related data would be leaked to the public.
“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker,” the University said in a statement. “This was done as a proactive and preventive step to ensure information was not released on the internet… The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom.”
The attack itself took place on July 19th, 2020 and impacted the network of the University’s College of Social and Behavioral Science (CSBS).
The name of the ransomware gang responsible has not yet been announced, although a threat analyst at cybersecurity firm Emsisoft suspects it was the NetWalker ransomware gang. This group has so far stolen more than 25 million dollars this year alone, recently targeting university networks such as Michigan State, the University of California San Francisco (which paid $1.14 million), Columbia College Chicago, and the City University of Seattle.
The same analyst, in a note to ZDNet, reported: “All that organizations are paying for in this scenario [ransom to prevent leaked data] is a pinky promise from a bad faith actor that the stolen data will be destroyed. Whether the groups do ever destroy data is something only they know, but I suspect they do not. Why would they? They may be able to monetize the information at a later date or use it for spear phishing or identity theft.”
The best way to avoid a ransomware attack, and a threat of leaked data, is to be fully prepared and protected.