Ransomware attackers heated up the heat at a small Virginia university this week by hijacking the staff/student alert system to warn of an impending major data leak.
Bluefield University discovered the attack on its IT systems on April 30, ahead of this week’s final exams, according to an internal notice.
“Upon learning of the issue, we engaged providers and independent third-party cybersecurity experts to assist with review and remediation efforts, but it may take several days before full functionality is restored. There is potential,” he said at the time.
“We are engaged in an investigation to determine the nature and scope of the incident. However, there is currently no evidence that the relevant information was used for financial fraud or identity theft.”
Read more about the university ransomware threat: Ransomware attack cost universities over £2m.
In an unusual move designed to make the university more likely to pay the extortionists, the threat actor managed to gain control of the university’s mass alert system, known as RAMAlert, it said.
“Therefore, if you are contacted by someone claiming to be involved in an incident, please do not click on the link provided by that individual or reply,” the university’s notice warned.
However, rather than posting malicious links, the attackers simply publicized their attacks to staff and students to increase the chances of paying the ransom.
“We have admissions data from thousands of students. Your personal information is at risk of exposure on dark web blogs,” one alert reportedly read. Please share it on your local media news, if you don’t receive the payment, you will be exposed to the full data breach!”
The attacker in question claimed to be part of the AvosLocker group and possess 1.2 TB of files. Further text published by NBC News shows them heating up the administration of the university.
“If you don’t want data about your admissions leaked to the dark web, call President David Olive and tell him to pay now. Otherwise, prepare for an attack,” via RAMAlert. Another message sent at said.
This novel tactic highlights the increasing difficulty ransomware attackers face in extorting victims. According to a Chainalysis report earlier this year, ransomware payouts fell by more than 40% in 2022 compared to 2021.
