Ransomware hackers expose information of students and staff at large universities

In a security alert, the University of California administration has warned its staff and students that their confidential information may have been compromised in an attack by a ransomware group. The incident also affects other academic institutions, as well as government agencies and private companies.

In its message, the University added some details about the cyberattack and those responsible: “It has come to our attention that attackers posted some screenshots on illegal hacking forums; we are trying to notify members of our community if their information has been exposed in this way,” the University says.

It was also reported that the threat actors have been sending emails to affected people, including threatening messages stating that their information will be posted on the dark web if the attackers' financial demands are not met.

As mentioned above, this incident affected dozens of organizations of all kinds, including Stanford University School of Medicine and Yeshiva University in New York. The leak reportedly consists mainly of Social Security numbers and some financial details of the affected employees and students.

The University’s security teams estimate that the infection occurred between December and January 2020, when hackers exploited a zero-day vulnerability in Accellion FTA, a file transfer platform.

In a separate report, the University of Maryland at Baltimore revealed that its systems were compromised by the operators of the Clop ransomware (also identified as Cl0p). This group gained prominence after cybersecurity experts confirmed that its activities were linked to exploitation of the Accellion FTA flaw, so experts do not rule out that Clop’s hackers are behind the attack on the University of California.

In this regard, Accellion issued a statement saying that all known flaws had been corrected and that, so far, not a single report of new vulnerabilities had appeared. However, it is a fact that the flaw was exploited in real-world attacks on multiple occasions.

Cybersecurity firms are about to publish their first-quarter 2021 figures, and experts anticipate that ransomware will appear as the main security threat in this period. Experts believe that this sudden increase in the number of ransomware incidents is due to hacking groups receiving increased support from nation states; these attacks also allow data theft, which makes them more attractive to cybercriminals.