For nearly two weeks, Western New Mexico University’s website and digital systems have been held hostage by what officials in internal emails have called the efforts of a “foreign hacking group.” The university has not publicly addressed the severity of the attack, but documentation obtained by Searchlight New Mexico indicates that an infamous Russian-speaking hacking group is behind the attack and claims to have access to employee payroll data, Social Security numbers and driver’s licenses.
“If you refuse to communicate with us and we do not come to an agreement, your data will be reviewed and published on our blog,” the ransomware on WNMU employee computers says. “Data includes: Employees personal data, CVs, DL, SSN. Complete network map including credentials for local and remote services. Financial information including clients data, bills, budgets, annual reports.”
In an image of an employee’s computer shared with Searchlight, a note that threatens to leak the employee’s Social Security number, driver’s license and the university’s “complete network map” is signed by Qilin, a hacking group that the federal government has accused of running a “ransomware-as-a-service” operation.
Read more at Searchlight New Mexico. As of publication, this incident is not listed on Qilin’s leak site.