The University of Utah just footed a $457,000 ransomware bill

onetheycallEric

What just happened? Universities are becoming an increasingly popular -- and seemingly profitable -- target for attackers. The University of Utah is the latest educational institution to be hit by a ransomware attack. While the "unknown entity" who perpetrated the attack hasn't been identified, it's likely the same ransomware gang responsible for similar recent attacks on other universities.

In a statement provided on its website, The University of Utah disclosed that it paid $457,059.24 in order to mitigate the ransomware attack. The university said that it "decided to work with its cyber insurance provider to pay a fee to the ransomware attacker" in an attempt to prevent sensitive data from being released online.

In summarizing the timeline of the attack, the university stated that on Sunday, July 19, 2020, the university’s Information Security Office (ISO) was notified of an attack on the College of Social and Behavioral Science (CSBS) servers. Data on the CSBS servers had been encrypted by an attacker, and was no longer accessible by the college.

The CSBS servers were immediately isolated from the rest of the network and the internet, while the university performed an investigation and notified law enforcement. It has since been determined that roughly .02 percent of data stored on the servers was compromised in the attack. The affected data included potentially sensitive information on employees and students. The university's Information Security Office worked with an external firm specializing in ransomware attacks to resolve the incident, and is reporting that no other IT systems on campus were affected.

The University of Utah is just the latest higher education target for ransomware attacks, as both Michigan State and the University of California at San Francisco have also recently suffered ransomware attacks. It's usually recommended that ransomware targets don't crack under the pressure to pay. However, in some cases, victims will opt to pay a ransom in an attempt to mitigate the fallout.

In the case of the University of California at San Francisco, the college opted to pay a ransom fee of $1.14M to secure confidential research files. Regarding the University of Utah, paying the ransomware fee was likely cheaper than the potential litigation resulting from a data breach affecting staff and students.

In all of the above-mentioned cases, the NetWalker ransomware gang is believed to be responsible. It's estimated that NetWalker has amassed more than $25M as a result of ransomware attacks this year alone. Ransomware attacks continue to rise and are becoming both more sophisticated and costly.

Image credit: Michael Gordon


 
I'd like the US and other countries to outlaw these payments. The attacks happen because there's money in it. Remove the money and they'll turn to other opportunities.

I'd also be in favor of at least occasional extreme law enforcement and/or military response (in the case of attacks on military infrastructure, cities, etc.) Letting some of the perpetrators who may feel they are untouchable because they live in a non-extradition country know they are not out of say rendition or drone missile range might go a long way towards dampening enthusiasm for this industry.
 
I hope they find these people and immediately shoot a Tomahawk at their front door. Same goes for state actors, if your hacking us tied to a state military we send a cruise missile into your dictator's private residence.
 
Let's not forget that 450k isn't that big of money to a university that makes millions every year. The reason ppl/companies or even Universities pay these is because it's typically cheaper than any other option. It's not just people who want to hide things, tons of companies and Universities don't want certain things getting out. It's simply cyber blackmail. Why as a country they can't get it under control is beyond me. Or maybe because they were trained by US in some way or another.
 
So sad - there go a lot of tuition payments. I think these people should be treated as some subclass of terrorists because they attack our infrastructure. Of course I think that of robocallers too.
 
" It has since been determined that roughly .02 percent of data stored on the servers was compromised in the attack. The affected data included potentially sensitive information on employees and students. "

Sensitive data?? Have they heard of that thing called ENCRYPTION???
 
I'd like the US and other countries to outlaw these payments. The attacks happen because there's money in it. Remove the money and they'll turn to other opportunities.

I'd also be in favor of at least occasional extreme law enforcement and/or military response (in the case of attacks on military infrastructure, cities, etc.) Letting some of the perpetrators who may feel they are untouchable because they live in a non-extradition country know they are not out of say rendition or drone missile range might go a long way towards dampening enthusiasm for this industry.
Like how Obama spoke on behalf of the world in 2009 and said they won't pay 3 million to the captors of the Jordanian pilot, then 10 minutes after his speech the pilot was burned to death while hung in a cage in a Middle Eastern desert. Obama went to play golf by the way soon after. So you want a law prohibiting payment to hackers, and you think it will stop them from doing acts of hacking... rigghtttt.....
 
Like how Obama spoke on behalf of the world in 2009 and said they won't pay 3 million to the captors of the Jordanian pilot, then 10 minutes after his speech the pilot was burned to death while hung in a cage in a Middle Eastern desert. Obama went to play golf by the way soon after. So you want a law prohibiting payment to hackers, and you think it will stop them from doing acts of hacking... rigghtttt.....

Well for starters the Jordanian pilot was killed in 2015, not 2009.

https://www.irishtimes.com/news/wor...ill-strengthen-coalition-says-obama-1.2090195

Second, your amount is completely incorrect. It was $200 million USD, not 3 million.

https://www.cnbc.com/2015/02/03/bur...rports-to-show-murder-of-jordanian-pilot.html

Third, Obama did not golf on that day or the following 3 days: https://trumpgolfcount.com/displayobamaoutings

Not only is your point off topic (Obama has nothing to do with this article), it's made up of easily disproven rumors started by Fox News a long time ago. On top of that it was based off an OPINION piece: https://www.foxnews.com/transcript/jordans-terror-retaliation-vs-president-obamas-isis-strategy


On topic, these types of payments ultimately don't solve the problem. There's no way to ensure the data hasn't been copied / shared in any way, shape, or form. The only thing these universities know is that on their end, their data has been encrypted. Giving them payment on the other hand simply allows them to fund additional illicit activities. It also doesn't address their security issues.

Probably the best way to prevent attacks like this is to address the lackluster handling of sensitive data by companies, universities, or any other entity that handles sensitive user information. Regulation requiring reasonable security standards is likely the best defense. I believe the nation as a whole can benefit from a set of good security practices from the nation's top cyber security experts. One poster above mentioned outlawing payments but that's treating the symptom, not the cause. Measures should be put in place to prevent these situations from ever happening. After all, the only reason data isn't being properly secured is because any entity that has a bottom line will likely put data security low on the list, simply because it's one of those things you can get away with not having.

America loses $109 billion each year from online scams, phishing, ransomware, or any other malicious attack that originates from the internet. What I see is a country essentially letting its opponents steal money from its citizens, spread propaganda, and steal research and intellectual property. I would say "at what point does America fight back" but given the current president is in place due to the graces of foreign powers, it's no surprise this kind of activity is more welcome than ever.
 
Like how Obama spoke on behalf of the world in 2009 and said they won't pay 3 million to the captors of the Jordanian pilot, then 10 minutes after his speech the pilot was burned to death while hung in a cage in a Middle Eastern desert. Obama went to play golf by the way soon after. So you want a law prohibiting payment to hackers, and you think it will stop them from doing acts of hacking... rigghtttt.....
When did you join QAnon? Was this before or after you suffered a time warp? The Jordanian pilot affair was in 2015, not 2009. The US was not asked to pay $3M ransom for the Jordanian pilot. However, I do remember that President Obama was criticized by some for turning down King Abdullah's request for Predator spy drones that would help them locate ISIS targets. Other than all that, everything you said was spot on.
 
I'd like the US and other countries to outlaw these payments. The attacks happen because there's money in it. Remove the money and they'll turn to other opportunities.

I'd also be in favor of at least occasional extreme law enforcement and/or military response (in the case of attacks on military infrastructure, cities, etc.) Letting some of the perpetrators who may feel they are untouchable because they live in a non-extradition country know they are not out of say rendition or drone missile range might go a long way towards dampening enthusiasm for this industry.

The only real solution. Outlaw all ransomware ransom payments. Simple and effective.

What stops even University admins/deans/heads/IT staff from stealing funds by setting up a ransomware attack and making payments to an anonymized bitcoin wallet? It will increase exponentially in future due to ease, safety and massive returns. Better nip it in the bud before it becomes a wildfire.
 
I'd like the US and other countries to outlaw these payments. The attacks happen because there's money in it. Remove the money and they'll turn to other opportunities.

I'd also be in favor of at least occasional extreme law enforcement and/or military response (in the case of attacks on military infrastructure, cities, etc.) Letting some of the perpetrators who may feel they are untouchable because they live in a non-extradition country know they are not out of say rendition or drone missile range might go a long way towards dampening enthusiasm for this industry.
They'll just do it under the table then. Nobody gives a **** about the law if the data is compromising.
 
The only real solution. Outlaw all ransomware ransom payments. Simple and effective.

What stops even University admins/deans/heads/IT staff from stealing funds by setting up a ransomware attack and making payments to an anonymized bitcoin wallet? It will increase exponentially in future due to ease, safety and massive returns. Better nip it in the bud before it becomes a wildfire.

Murder is illegal and people still do it. Don't be THAT naive...
 
it's made up of easily disproven rumors started by Fox News a long time ago... https://www.foxnews.com/transcript/jordans-terror-retaliation-vs-president-obamas-isis-strategy
There were no "rumors", easily disproven or not, in that Fox article. You shouldn't correct one piece of misinformation by spreading another. The Fox piece was talking about Obama golfing immediately after the beheading of James Foley, not the Jordanian pilot. This fact was confirmed by Obama himself, and reported by many media outlets:



the best way to prevent attacks like this is to address the lackluster handling of sensitive data by companies, universities, or any other entity that handles sensitive user information. Regulation requiring reasonable security standards is likely the best defense.
It sounds good in theory. In practice, the government would create a nightmare mishmash of tens of thousands of expensive, unnecessary, out-of-date, and sometimes counterproductive regulations ... then once every couple of decades, dive back into it to make it worse.

A better solution might be to simply pass a law allowing citizens to opt out of providing their sensitive data to those entities in the first place. If they don't have the data, they can't compromise it.

given the current president is in place due to the graces of foreign powers
Lol, talk about 'easily disprovable rumors' ...
 
Murder is illegal and people still do it. Don't be THAT naive...

That's not what I meant at all. Ransomware is already illegal.

My point was that paying ransom to ransomware shall be made illegal as it takes away all incentive out of such attacks. It will also prevent such attacks to make easy money by insiders (think deans/IT staff etc) as the payments are made in bitcoins and currently it's a very safe and lucrative crime for insiders. It should be stopped by cutting all the incentive for committing it.
 
They will still do it, just under the table. Like they do with typical blackmail that is also illegal but happens 24/7. Need I mention names of famous blackmailers with political connections and such?
Laws are for law abiding people, that's that.
 
They will still do it, just under the table. Like they do with typical blackmail that is also illegal but happens 24/7. Need I mention names of famous blackmailers with political connections and such?
Laws are for law abiding people, that's that.

They will pay millions under the table? Where will the funds come from for this illegal activity (if ransom for ransomware was outlawed), e.g. in the case of colleges like those mentioned in this article?

Look, have your opinion but please don't tell me that just because a couple of people will try to bypass it, the law should itself not be there. Something that stops most instances of a crime is far better than doing nothing.
 
This university runs courses in computer science, IT, Data science, criminology, electrical and computer engineering and public administration yet can’t even keep their own systems secure?

If I were a student there I’d be asking for a refund.
 