The university indicated that it decided to give in because the hackers also stole some private data from the school, which they apparently threatened to leak. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder.
In terms of the timing and scope of the attack, the incident was quite specific, targeting the University of Utah’s College of Social and Behavioral Science on July 19, 2020. The form of ransomware has not been declared. However, the malicious code was sufficient to take down the department’s servers and to encrypt all of the information inside, according to PC Magazine.
Commenting on the incident for Digital Journal is Jonathan Reiber, senior director of cybersecurity strategy and policy at AttackIQ.
According to Reiber, the focus of the attack does not come as a surprise: “Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow. ”
While such attacks may be commonplace, there are measures that educational institutions can adopt. Reiber says that universities and colleges “should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework.”
This means Reiber says: “With ATT&CK as a foundation, organizations can then use automated adversary emulations to verify their defense effectiveness. Emulations provide insights about security team performance, enable better security decision-making, and lead to an overall improvement in security outcomes.”
