The University of Utah has become the latest victim of ransomware attacks, with hackers being paid nearly half a million dollars not to publish sensitive information on the Internet.
While no details have been shared about the type of ransomware used in the attack, the university confirmed that the contamination affected 0,02% of the data stored on its servers and that the exposed information belonged to employees and students.
The university restored the data using backups, and no central university IT systems were compromised, but payment was necessary because the hackers threatened to release the stolen information on the Internet.
"After careful consideration, the university decided to work with the cyber insurance company and pay the ransomware attacker a fee. "This was done as a precautionary measure to ensure that information would not be circulated on the Internet," the University of Utah explained in announcement on his page.
The university ended up paying over $ 457.000 to the hackers and part of the ransom was covered by the cyber insurance policy.
"CSBS servers were immediately isolated from the rest of the university and the Internet. The university informed the appropriate law enforcement authorities and ISO began to actively investigate the matter. "An external consultant specializing in handling these situations was also hired to support the investigation," the public statement said.
The university advises students and staff to continue to use strong passwords access and change them on a regular basis to make it harder for attackers to get into their accounts.
However, the university acknowledges that other vulnerabilities may still exist in its systems, but additional security upgrades are currently underway, including the transfer of all college systems to headquarters for improved protection.
I wanted to know which "insurance company" proposes to pay a ransom to criminals.
Something "stinks" to me in this case.
And not in order to get back, but in order not to leak the 0,02% data on the internet. As if you were right…