University of Utah Paid $457,000 to Prevent Ransomware Operators from Leaking Stolen Data

The University of Utah has agreed to pay nearly half a million dollars to prevent bad actors from publicly disclosing information stolen during a ransomware attack that took place last month.

The news was revealed after the university released an official statement regarding the security incident.

“On Sunday, July 19, 2020, computing servers in the University of Utah’s College of Social and Behavioral Science (CSBS) experienced a criminal ransomware attack, which rendered its servers temporarily inaccessible”, the notification reads. “The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks”.

Investigators initially concluded that hackers only encrypted data from the university’s College of Social and Behavioral Science (CSBS) department. It was later revealed that the culprits also managed to steal employee and student information.

Only .02% of the data on the servers was reportedly affected, and the university was eventually able to restore IT services and systems from backup copies. Nonetheless, the university decided to pay the ransom with the help of its cyber insurance provider.

“This was done as a proactive and preventive step to ensure information was not released on the internet”, the University of Utah said. “The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom”.

Since the university is still reviewing the incident to determine the nature of the affected data, CSBS students and employees are advised to monitor their financial statements for any fraudulent activity and periodically review and change online passwords.

“This incident helped identify a specific weakness in a college, and that vulnerability has been fixed”, the university added. “The university is working to move all college systems with private and restricted data to central services to provide a more secure and protected environment. The university is also unifying the campus to one central Active Directory and moving college networks into the centrally managed university network. These steps, in addition to individuals using strong passwords and two-factor authentication, are expected to reduce the likelihood of an incident like this occurring again”.

Even though cybersecurity experts and law enforcement advise ransomware victims never to give in to extortion demands, in some cases organizations choose the easy way out. Paying the demands of cybercriminals does not guarantee full system recovery, nor that any stolen data will not be leaked online or sold to the highest bidder on the dark web.
