Back to School Bedlam for the University of Utah

As we enter into the end of August/start of September, a lot of us are concerned with our children going back to school. Even without the current COVID restrictions, parents have plenty on their plate: school supplies, books and a plethora of other tasks that need to be tended to. On the other hand, teachers and lecturers now find themselves returning to a familiar environment with some unfamiliar restrictions. The last thing they want to deal with on top of that is a ransomware attack.

On Sunday July 19, the University of Utah’s College of Social and Behavioral Sciences, based in the US, woke to find many of their servers infected with ransomware. Neither the type of ransomware nor the vulnerability used to gain access to the college’s servers were disclosed, but the college has stated the vulnerability has since been patched. Before taking further action, the University wisely engaged the support of an independent consultancy with the expertise necessary to tackle ransomware infections.

The Utah school has since paid the ransom, which amounted to $457,059.24, and have received the decryption key. They have stated that, while they had regular backups of the system, that the decryption key will be useful in decrypting files that were created between the last backup and the attack.

Higher education institutes like colleges and universities are being targeted more and more by cyber-criminals; just last month the Columbia College of Chicago suffered a similar attack, in which the NetWalker ransomware was used to encrypt a wealth of private student data. Netwalker is an incredibly lucrative piece of ransomware that is provided as a service; similar to how you or I would pay for Office 365. Since March, the software has generated $29 million for it’s users.

 

How can we help?

Secora Consulting offers a number of services that can help you improve your cyber resilience. Identify IT pain points and outdated software with our vulnerability assessments, or test your response to a real world threat with our adversary simulations. Should the worst case scenario occur, our incident response service can help eradicate malware and rebuild your network to get you back on track.

If you have any questions or are unsure if the steps you are taking to help keep your organisation secure during this period are working. Get in touch!