Hackers encrypt all college computers with ransomware: $2 million ransom

Officials at Monroe College, a private university based in New York, recently reported a cybersecurity incident that affected its operations. According to system audit specialists, the hackers behind the attack compromised the academic institution’s computer systems and demanded a ransom of more than $2 million in exchange for restoring them.

The university’s administrative staff mentioned that the incident has already been reported to the city authorities: “Many of our systems have been affected by this cyberattack and, for now, access has been prevented by hackers,” a statement from Monroe College says.

For now, the university is turning to alternative methods, such as using pen and paper, to maintain some of its activities and services: “This University was founded in 1933, we know how to work without technological resources at hand,” the statement adds.

System audit experts recently reported a chain of ransomware attacks against systems in Baltimore and some cities in Florida. According to local media reports, an unidentified group of threat actors managed to infect about 10K computers belonging to the Baltimore government using a ransomware variant called “RobbinHood”. On that occasion, the hackers demanded a payment of more than $10K USD from the local government via Bitcoin transfers.

The perpetrators of these attacks blocked access to the city’s email server and temporarily shut down the databases of various Baltimore government systems, such as records of traffic fines, taxes and vehicle control.

International Institute of Cyber Security (IICS) system audit specialists believe that this incident and the series of ransomware attacks against Baltimore and Florida could be linked. However, verifying this hypothesis can take a long time; before that, IT employees in the affected governments and private companies must complete their incident recovery processes. In addition, corroborating the relationship between these incidents requires analyzing factors such as the mode of operation of the threat actors, the ransomware variants used, the messages sent to the victims, and the Bitcoin addresses used to receive the ransoms.