Catalin Cimpanu reports:
The University of Utah revealed today that it paid a ransomware gang $457,059 in order to avoid having hackers leak student information online.
The incident is the latest in a long string of ransomware attacks where criminal groups steal sensitive files from the hacked companies before encrypting their files; and in case victims refuse to pay, threaten to release the stolen documents as a second extortion scheme.
Read more on ZDNet.
The University of Utah disclosed two data security incidents in recent months. One incident, involving phishing, occurred between April and May and reportedly impacted 2700 individuals. A second incident, disclosed in July to HHS, reportedly impacted 10,000 people. It is that second incident that might be related to the ransomware report, although the 10,000 figure would only apply to those whose protected health information was impacted, and not to all students’ and employees’ PII. It’s really not clear if this is connected, as the university’s description on their website says it was the College of Social and Behavioral Science that was attacked. So there may be more to come out in the months to come.
This isn’t surprising at all since the backend tech at educational institutions is usually so far out of date you’re left shaking your head. They seem to never have the “budget” to update anything or pay the tech staff a decent salary, which causes people to resort to taking shortcuts.