The reason for the payment is that cybercriminals threatened to leak student information online. This is yet another case of ransomware criminals stealing sensitive files prior to encrypting them.
University of Utah Ransomware Attack
According to the official statement, “on Sunday, July 19, 2020, the university’s College of Social and Behavioral Science (CSBS) was notified by the university’s Information Security Office (ISO) of a ransomware attack on CSBS computing servers. Content on the compromised CSBS servers was encrypted by an unknown entity and no longer accessible by the college.”
The statement also reveals that the ransomware succeeded in encrypting 0.02% of the data stored on the university’s servers. The good news is that the staff successfully restored the data from backups; however, the threat of having student details leaked online led them to pay the ransom. The payment was made as a preventive measure against further compromise.
“The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” the statement said.
The group behind the ransomware attack is still not known.
Ransom Demands Steadily Growing in 2020
Surprisingly or not, ransom demands have continued to grow in 2020. Coveware researchers recently revealed that the average ransomware payout increased in the first quarter of 2020, reaching a staggering $111,605, with the Ryuk and Sodinokibi ransomware families being the main culprits for this increase.
One reason for this growth is that advanced ransomware groups typically use methods that give them access to more valuable assets. Such attacks usually exploit unpatched vulnerabilities in public-facing applications and compromised MSPs (managed service providers). The later stages of these attacks include establishing persistence, escalating privileges, bypassing protections, harvesting credentials, mapping the network, stealing files, and finally encrypting them.
As for the University of Utah, an analysis attributed the attack to specific vulnerabilities stemming from the university’s decentralized nature and complex computing needs. “This incident helped identify a specific weakness in a college, and that vulnerability has been fixed,” university officials said.