This is the latest ransomware incident in which criminals stole sensitive files before encrypting the victim's systems. The criminals threatened the university that, if it did not pay the ransom, they would expose the stolen data on the internet.
The University of Utah posted an announcement on its site, which said that it managed to mitigate a serious ransomware attack, since the hackers were able to encrypt only 0.02% of the data stored on its servers.
The university said the damage was repaired because it had backup copies. However, the ransomware gang threatened to publish data belonging to students on the internet, which prompted the university administration to reconsider the situation, as it had initially been said that the ransom would not be paid.
"After careful consideration, the university has decided to work with a cyber insurance provider to pay the ransomware gang's ransom," said the University of Utah.
"This was done as a precautionary measure to ensure that the information would not be circulated on the Internet."
"The University's security service paid part of the ransom and the university covered the rest. No tuition, grants, donations or state funds were used to pay the ransom," added university officials.
The University of Utah has revealed some details about the ransomware attack. According to the university, the attack took place on July 19, 2020 and affected the network of the University's College of Social and Behavioral Science [CSBS].
However, the university did not disclose which ransomware gang was behind the attack.
All indications are that this is probably NetWalker ransomware
Brett Callow, threat analyst at the security company Emsisoft, said that, although he does not have specific data, the NetWalker ransomware gang is most likely behind the attack.
This particular group, which is believed to have collected more than $25 million in ransom, is behind a recent wave of attacks targeting university networks (e.g. attacks on Michigan State, University of California at San Francisco, Columbia College Chicago and City University of Seattle).
However, Callow disagrees with the decision made by the University of Utah. Paying a ransom to hackers to prevent a data leak is not best practice and certainly does not guarantee results.
"Paying a ransom to avoid publishing data does not make sense," said Callow.
Essentially, organizations pay ransom to ransomware gangs in the hope that the hackers will keep their word and not publish the stolen data or, at best, will destroy it. However, it is not very wise to trust someone who has already attacked you and put you in this difficult situation. Most likely, hacking groups keep the data and use it in subsequent attacks (e.g. phishing) even if they do not publish it on the internet.