(Rob Engelaar/AFP/Getty Images) Fighting off a ransomware attack sometimes isn’t enough to avoid paying the hackers.
On Thursday, the University of Utah revealed it paid $457,059 to a ransomware gang, despite successfully restoring the school’s IT systems following the attack.
The university decided to give in because the hackers also stole some private data from the school, which they apparently threatened to leak.
“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker.
This was done as a proactive and preventive step to ensure information was not released on the internet,” the school wrote in the announcement.
The attack itself targeted the University of Utah’s College of Social and Behavioral Science on July 19.
The unnamed ransomware was able to take down the department’s servers by encrypting the information inside.
Fortunately, the school restored the systems using backup copies.
The school's investigation found that the attack only affected “0.02 percent” of the data on the servers.
Nevertheless, the hackers gained access to employee and student information before encrypting the servers, so the school decided to pay up.
It's not clear which ransomware strain was behind the attack, and how the initial infection occurred.
But on July 20, the university filed a data breach report, indicating an attack occurred through a phishing email, which ended up affecting data on 10,000 people.
Antivirus provider Emsisoft suspects the Netwalker ransomware gang may have been behind the attack, citing how the hackers have been tied to a string of attacks on universities.
Other ransomware gangs, including Maze and Revil, will also resort to stealing data from victims’ computers before encrypting the information inside.
The University of Utah says its insurance provider covered part of the ransom while the school paid the rest.
“No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” it added.
The vulnerability the hackers leveraged to launch the ransomware has also been patched.
However, the university says it needs to centralize the school’s IT systems to help it guard against future attacks.
(Rob Engelaar/AFP/Getty Images) Fighting off a ransomware attack sometimes isn’t enough to avoid paying the hackers.
On Thursday, the University of Utah revealed it paid $457,059 to a ransomware gang, despite successfully restoring the school’s IT systems following the attack.
The university decided to give in because the hackers also stole some private data from the school, which they apparently threatened to leak.
“After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker.
This was done as a proactive and preventive step to ensure information was not released on the internet,” the school wrote in the announcement.
The attack itself targeted the University of Utah’s College of Social and Behavioral Science on July 19.
The unnamed ransomware was able to take down the department’s servers by encrypting the information inside.
Fortunately, the school restored the systems using backup copies.
The school's investigation found that the attack only affected “0.02 percent” of the data on the servers.
Nevertheless, the hackers gained access to employee and student information before encrypting the servers, so the school decided to pay up.
It's not clear which ransomware strain was behind the attack, and how the initial infection occurred.
But on July 20, the university filed a data breach report, indicating an attack occurred through a phishing email, which ended up affecting data on 10,000 people.
Antivirus provider Emsisoft suspects the Netwalker ransomware gang may have been behind the attack, citing how the hackers have been tied to a string of attacks on universities.
Other ransomware gangs, including Maze and Revil, will also resort to stealing data from victims’ computers before encrypting the information inside.
The University of Utah says its insurance provider covered part of the ransom while the school paid the rest.
“No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” it added.
The vulnerability the hackers leveraged to launch the ransomware has also been patched.
However, the university says it needs to centralize the school’s IT systems to help it guard against future attacks.