A notorious ransomware gang has taken to Twitter to shame the UK’s Newcastle University after infecting its systems with data-crippling malware. The criminals are threatening to release the university’s data publicly if their demands aren’t met.
The public research university reported the attack as a “cyber incident” which took place on September 4 and caused the institution to shut down a number of its IT systems, IT Pro reports.
Taking credit for the attack, the DoppelPaymer gang took to Twitter to shame the institution and its students for the embarrassing event.
“Dear students of the New Castle University Congratulations with an upcoming release of your personal data. What a great start of a new educational year,” the gang tweeted Monday.
The criminals have posted some of the data on the dark web, threating that more will come if the university doesn’t fulfill their demands. At this point, it is unknown how much the hackers have demanded, nor if Newcasle has any intention of paying.
However, the university doesn’t seem keen to meet the hackers’ demands, considering it announced it could take “several weeks” to address the event. It has drafted in several third-party security experts to assist with recovery and assess the extent of the damage.
The institution has also alerted the Information Commissioner’s Office (ICO) and the police about the incident. The ICO is the UK’s regulatory body responsible for dishing out fines under the GDPR for data breaches involving personally identifiable information. If Newcastle University is found negligent in this scenario, it will face a (likely substantial) penalty from the watchdog.