A university in the US state of Utah paid nearly half a million dollars after a ransomware infection. Interestingly enough, the university had made backups, but the perpetrators threatened to release the stolen data afterwards.
The attack took place on University of Utah servers, specifically in the Department of Social and Behavioral Sciences. Those servers were hit by ransomware on July 19 of this year. The university does not write about which ransomware type it is and how the attackers could strike exactly.
After the attack, the university managed to isolate the servers of the affected department from the rest of the network. As a result, only a small number of computers were affected. Ultimately, according to the university, only 0.02 percent of all data at the university would have been affected. This included data from employees and students. However, the data could be restored from a backup.
Despite the latter, the university paid a ransom to the attackers. This was partly done by the insurance company. A total of 457,059 dollars was paid, or about 388,000 euros. “This was done as a proactive and preventive step to ensure that no information was leaked on the Internet,” the university writes. At the same time, the educational institution is still investigating how much data has been stolen in total.
Ransomware distributors have increasingly adopted such an approach in recent months. In doing so, they not only encrypt information, but also threaten to make it public if payment is not made. As a result, companies in particular are more likely to pay the ransom. Educational institutions are also an attractive target, because of their often inferior security and the presence of sensitive and important data. Maastricht University was hit by ransomware at the end of last year. The educational institution paid 197,000 euros as a ransom.