Ransomware Resolve: University of Utah Pays $457K to Restore Data

The University of Utah’s College of Social and Behavioral Sciences (CSBS) suffered a ransomware attack in July 2020 that affected 0.02% of the college’s data, including personal information of students and employees. In a security update, the university stated that unknown threat actors compromised and encrypted the data stored on its CSBS computing servers, rendering it inaccessible. According to the university’s Information Security Office (ISO), the attackers stole certain unencrypted data before encrypting the systems.

No central university IT systems were compromised by the ransomware attack. However, as a precautionary measure, the CSBS servers were immediately isolated from the rest of the university networks.

“The university notified appropriate law enforcement entities, and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks. The ISO assisted the college in restoring locally managed IT services and systems from backup copies. No central university IT systems were compromised by the attack on the college,” the University of Utah said in a statement.

Ransom Demand

The university paid a ransom of $457,059.24 to the attackers in order to retrieve the decryption key to the seized information. The ransom was paid to prevent hackers from leaking the stolen data online.

“The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state, or taxpayer funds were used to pay the ransom,” the statement added.

The affected database has been shut down temporarily. The university authorities asked the students and staff to change their passwords as a precautionary measure.

Is the University Safe Now?

The authorities noted, “Despite these processes, the university still has vulnerabilities because of its decentralized nature and complex computing needs. This incident helped identify a specific weakness in a college, and that vulnerability has been fixed. The university is working to move all college systems with private and restricted data to central services to provide a more secure and protected environment. The university is also unifying the campus to one central Active Directory and moving college networks into the centrally managed university network. These steps, in addition to individuals using strong passwords and two-factor authentication, are expected to reduce the likelihood of an incident like this occurring again.”