The University of Utah admitted having paid a $457,059 ransom after the ransomware attack that took place on July 19, 2020, that infected systems on the network of the university’s College of Social and Behavioral Science [CSBS]). The university did not reveal the ransomware family involved in the attack.
The University was able to recover the operations from the backups, but decided to pay the ransom to avoid having ransomware operators leak student information online.
“On Sunday, July 19, 2020, computing servers in the University of Utah’s College of Social and Behavioral Science (CSBS) experienced a criminal ransomware attack, which rendered its servers temporarily inaccessible. The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.” reads a press release published by the University.
“It was determined that approximately .02% of the data on the servers was affected by the attack.”
According to the University, the ransomware encrypted only 0.02% of the data stored on its servers. University of Utah officials explained that the university’s cyber insurance policy covered part of the ransom.
“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker,” the university said today.” continues the statement.
“This was done as a proactive and preventive step to ensure information was not released on the internet.“
Law enforcement recommends never pay ransom because ransomware operators could not destroy the stolen data and attempting to monetize them in other illegal activities.
Stolen data could be sold to other cyber criminal organizations and used to make frauds.
(SecurityAffairs – hacking, University of Utah)