Several universities around the country, alongside government agencies and companies, have been hit by a ransomware group. This group may have stolen and published the personal data of students and faculty members to scare the schools into paying ransom money.
Universities reporting attacks include the University of California; the University of Maryland, Baltimore; the University of Colorado; the University of Miami; the Stanford University School of Medicine; and Yeshiva University in New York City.
Hackers Exploited Vulnerabilities in File-Sharing Service
The online attackers exploited a vulnerability in a third-party file-sharing service called File Transfer Appliance (FTA) provided by Accellion Inc.
“The attack involves the use of Accellion, a vendor used by many organizations for file transfer, in which an unauthorized individual appears to have copied and transferred UC files by exploiting a vulnerability in Accellion’s file-transfer service,” the University of California explained in a statement.
The university added that those behind the attack appear to be sending threatening mass emails to members of the community “in an attempt to scare people into giving them money.”
NBC News revealed that at the Stanford University School of Medicine and Yeshiva University, hackers stole student and employee Social Security numbers and financial information. Some of these details were also posted online.
ABC News also revealed that the University of Colorado and the University of Miami were attacked in January, giving the hackers access to “personal data and some health, study, and research data.”
In some instances, the hackers were able to steal information as far back as December and January. However, some organizations said that they only recently became aware of the breach.
Rise in Ransomware Attacks
Ransomware attacks have affected government agencies, companies, and individuals for years. Hackers typically use phishing or other means to gain access to private networks and steal important personal data. They may also plant malware that encrypts a victim’s network, rendering it unusable.
Once the malware is activated, the hackers demand money to unlock the encrypted network and to refrain from posting or selling the data they have stolen.