Ransomware Actors Extort University Via Alert System

Written by

Ransomware attackers turned up the heat on a small Virginian university this week by hijacking a staff/student alert system to warn of a major impending data leak.

Bluefield University discovered an attack on its IT systems on April 30, ahead of final examinations this week, according to an internal campus notice.

“Upon learning of this issue, we immediately engaged the provider and independent third-party cybersecurity experts to assist in our review and remediation efforts, but it may be a few days before full functionality can be restored,” it said at the time.

“We are working through the investigation to determine the nature and extent of the incident. However, as of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft.”

Read more on university ransomware threats: Ransomware Attacks Cost Universities Over £2m.

In an unusual move designed to increase the likelihood of the university paying its extorters, the threat actors managed to gain control of the institution’s mass alert system, known as RAMAlert, it said.

“As such if you are contacted by anyone claiming to be involved in the incident, please don’t click on any links provided by the individual or respond,” the university notice warned.

However, rather than post malicious links, the threat actors merely publicized the attack to staff and students in a bid to increase the chances of a ransom payment.

“We have admissions data from thousands of students. Your personal information is at risk to be leaked on the dark web blog,” one alert reportedly read. “Please share this information with local media news. If we don’t receive payment, full data leak will be published!”

The attackers in question claimed to be part of the AvosLocker group and to have 1.2TB of files in their possession. Further texts published by NBC News show them turning the heat up on the university administration.

“If you don’t want your admissions data leaked in the dark web, call President David Olive tell him to pay us immediately. Otherwise prepare for attacks,” another message sent via RAMAlert said.

The novel tactics highlight the increasing difficulty ransomware actors have in extorting their victims. A Chainalysis report earlier this year claimed that the value of ransomware payments fell by more than 40% in 2022 compared to 2021.   

What’s hot on Infosecurity Magazine?