The University of Utah announced today that it paid a ransom of $457,059 to a ransomware group after the hackers threatened to leak students' information online. Situations like this are common for ransomware crews, who carry out attacks that steal sensitive files and information from the compromised company, individual, or other entity before encrypting its files. If the victim decides not to pay the ransom, the attackers threaten to release the stolen documents as a second attempt to get the ransom paid.
For the University of Utah, this is exactly the scenario that played out. A statement posted on the university's website says it managed to avoid a large portion of the attack: in the ransomware incident that just occurred, the hackers only managed to encrypt about 0.02% of the data on the university's servers.
The university said its team restored the lost data from backups. But the ransomware gang then played its second card, threatening to release students' data online, which caused the university to reevaluate its stance on paying the hackers.
"After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker," the University of Utah said.
"The university's cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom," the University of Utah said.
Emsisoft, a cyber-security firm, suspects that a ransomware gang named NetWalker was behind this attack. NetWalker is believed to have made at least about $25 million from its ransomware attacks this year alone by targeting university networks, including the Michigan State attack, the University of Seattle, and the University of California, which paid about $1.14 million to the hackers.
Brett Callow, a threat analyst at Emsisoft, commented on the situation and on ransomware attacks in general.
"All that organizations are paying for in this scenario is a pinky promise from a bad faith actor that the stolen data will be destroyed. Whether the groups do ever destroy data is something only they know, but I suspect they do not. Why would they? They may be able to monetize the information at a later date or use it for spear phishing or identity theft," Callow said.