Emmanuel College in Boston appears to have become a victim of Avos Locker. The college was added to the threat actor’s leak site yesterday, with a note saying,
“Oh no! 140GB student and staff confidential data exfiltrated. If you value protecting students, pay us instead of shutting down domains.”
Although there is no notice on the college’s website about any incident, they first tweeted about an outage on April 27:
Emmanuel College’s website and internet is currently down. Most networked systems are unavailable, but RAVE emergency alerts are still functional. Updates will be made as more information becomes available.
— Emmanuel College (@EmmanuelCollege) April 27, 2023
On April 28, they tweeted:
Thank you for your patience with the network interruption. Information Technology has begun to restore services and will provide a further update this evening.
— Emmanuel College (@EmmanuelCollege) April 28, 2023
They do not appear to have publicly revealed that they have received any ransom demands.
As proof of claims, Avos has posted a few old employee W-2 files from 2014 And 2017. While the identity information would still be problematic to be in the wild, Avos has not yet provided any evidence of any student data or any current files.