University of Utah Pays $457,000 to Ransomware Operators

The University of Utah on Thursday revealed that it paid approximately $457,000 to ransomware operators after servers in its College of Social and Behavioral Science (CSBS) were compromised.

The attack occurred on July 19, 2020, and resulted in the CSBS servers becoming temporarily inaccessible. Roughly .02% of the data stored on those servers was affected during the incident, the university claims.

Both employee and student information was impacted in the attack, and locally managed IT services and systems were restored from backup copies. The attack did not affect central university IT systems. The impacted servers were isolated immediately after the attack was identified.

“The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks,” the University of Utah says.

The servers hosted data and services for CSBS and various colleges, departments and administrative units, and students, staff, and faculty were prompted to reset their passwords.

“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet,” the university reveals.

For the time being, the university hasn’t determined the exact nature of the data that might have been accessed during the incident, and only said that student and employee information was affected. All compromised servers have been cleaned.

It also noted that, despite significant investment in technology to keep its network protected from attacks, vulnerabilities still exist because of the university’s “decentralized nature and complex computing needs.”

The vulnerability that led to this attack has been addressed and the University of Utah has also started moving college systems that contain private and restricted data to central services, to ensure they are better protected.

“The university is also unifying the campus to one central Active Directory and moving college networks into the centrally managed university network. These steps, in addition to individuals using strong passwords and two-factor authentication, are expected to reduce the likelihood of an incident like this occurring again,” the university says.

The organization also revealed that the $457,000 ransom was partly covered by the cyber insurance policy, and that it was not paid using tuition, grant, donation, state or taxpayer funds.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
