University Of Utah Suffered Ransomware Attack – Paid Ransom To Recover

As ransomware attacks continue to target the educational sector, the University of Utah has emerged as the recent victim to it. As revealed, the University of Utah not only suffered damages due to the ransomware attack but also paid the ransom of $475,000.

University Of Utah Ransomware Attack

Reportedly, the University of Utah suffered a devastating ransomware attack causing a huge security blow. The varsity has disclosed the incident in a recent update.

As revealed, the incident happened in July 2020, causing disruption of university servers. The attack affected data servers of the facility impacting students’ and employees’ information. As stated in the notice,

On Sunday, July 19, 2020, the university’s College of Social and Behavioral Science (CSBS) notified the U’s Information Security Office (ISO) of a ransomware attack on CSBS computing servers and networks. Content on the compromised CSBS servers was encrypted by an unknown entity and no longer accessible by the college.

Specifically, the attack targeted 0.2% of the servers, rendering them inaccessible for some time.

However, the ransomware did not affect the central IT system of the university. Also, the officials urged the students and the faculty for a password reset as a precaution.

Because the CSBS servers hosted data and IT services for itself and a small group of colleges, departments and administrative units, asking users to update their passwords was a prudent response.

Upon discovering the incident, the university’s Information Security Office (ISO) contained the attack and took measures to recover local IT systems via backups.

What Next?

While the university quickly contained the attack, they immediately informed the law enforcement authorities and security experts as well of the matter.

Nonetheless, aside from implementing security measures, the university also paid the ransom to the attackers.

As they have explicitly mentioned in the notice, the University of Utah paid USD 457,059.24 to the attackers.

Explaining the details of this payment, they stated,

After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet.
The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom.

They further state that they are continuing the review process of the situation. During the investigations, they have also found a vulnerability in their system that they have fixed. Moreover, they are also switching their systems from a decentralized model to a centralized one for enhanced privacy.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients