University of Utah paid attackers $457,000 of ransom

Representatives from the University of Utah said the institution was recently forced to pay attackers a ransom of $457,059 to prevent leakage of student data.

The official statement says that in July 2020, the educational institution managed to avoid a serious ransomware attack, during which unnamed hackers were able to encrypt only 0.02% of the data stored on the university’s servers.

Although in the end all this data was safely restored from backups, even before encryption began, the attackers managed to steal information about university students, and then demanded a ransom from the management of the educational institution, otherwise threatening to publish the stolen data in the public domain.

Blackmail forced the University of Utah to make concessions and pay the extortionists.

“Fortunately, part of the requested amount was covered by a special cyber insurance policy, and the university provided only the rest of the funds”, – said University of Utah representatives.

At the same time, it is emphasized that the received tuition fees, grants, donations, government funds or taxpayers’ money were not used to pay the ransom.

ZDNet, citing Emsisoft specialist Brett Callow, reports that the attack appears to have been behind the NetWalker hack, although there is no official confirmation of this.

Let me remind you that the NetWalker ransomware was discovered in 2019, and in 2020 the group’s activity significantly increased. Until recently, the most famous victims of NetWalker were Michigan State University, the University of California, San Francisco ($1,140,000 ransom paid), Columbia College Chicago, and Seattle City University.

According to McAfee experts, NetWalker poses a threat not only to American companies and educational institutions, but also to companies from Western Europe. Recently, researchers have calculated that the creators of the ransomware have already “earned” at least $25 million from their brainchild.

Brett Callow believes the University of Utah officials did not have to pay the ransom, and are warning others against doing so.

“Paying a ransom to prevent the publication of data looks pointless. All the organizations pay for in this case is the honest promise of criminals that they will destroy the stolen data. However, only the group knows if they will really destroy data, but I suspect that they will not. Why would they? Later, they can monetize this information, use it for targeted phishing or steal personal data”, — warn the expert.

Let me remind you that cybercriminals now require two ransoms: one for decryption, and the second for deleting stolen files.