Updated May 3: Avos Locker subsequently added the university to its leak site with a message: “1.2 TB data from a college with cyber insurance policy that doesn’t care about protecting students. Management is a circus attempting to identify breach (good luck) and lying to students and media about the severity. We’ll continue attacking for wasting our time.” As proof of access, they posted the 2019 W-2 info for the college’s president as well as an application for ransomware cyberinsurance.
The countdown clock on the listing indicates that Avos is threatening to leak data in 12 days if payment is not received.
Clayton McChesney reports:
There are new developments on the cybersecurity attack that has crippled internet services at Bluefield University. We’ve learned through “RamAlert” texts sent to students, faculty and staff that the cyber attackers are now directly communicating with everyone on the alert system. They have identified themselves as “AvosLocker” and are demanding payment in return for not leaking students’ private information. The FBI considers AvosLocker to be ransomware. In March 2022, they released an advisory on it. They said avoslocker has “Targeted victims across multiple critical infrastructure sectors in the U.S. Including…The financial services, critical manufacturing, and government facilities sectors.”
Read more at WVVA.
DataBreaches heard from a concerned person at the university who provided an example of the alert:
The alert reads:
Ram Alert
Cyber Attack Update
Hello students of Bluefield University!
We’re Avos locker Ransomware. We
hacked the university network to
exfiltrate 1.2 TB filesRam Alert
Cyber Attack Update
We have admissions data from
thousands of students. Your personal
information is at risk to be leaked on
the darkweb blogRam Alert
DO NOT ALLOW the university to lie
about severity of the attack! As proof
we leak sample Monday 1 May 2023
18:00:00 GMT (2:00:00 PM)Ram Alert
Tor Browser which you download at
https: // www.torproject.org/
download/, visit http: //
[redacted Avos .onion URL]Ram Alert
Cyber Attack Update
Also please share this information
with local media news. if we don’t
receive payment, full data leak will be
published!!!!!!!!
DataBreaches checked AvosLocker’s leak site after receiving the email, but found no listing for Bluefield University. Maybe Avos intends to upload something today with a proof pack, but as of publication, there is nothing on the site.