Cyber Groups Ask University of California for Ransom Threatening to Publish Data on Students & Staff

The University of California (UC) has been attacked by a ransomware group, which is threatening the university it will publish confidential data on students and staff, if a certain amount of money isn’t paid. The malicious incident has been conducted through Accellion’s vulnerability, a vendor service used to transfer files within the institution.

In a press release, UC informs that the authorities have started an investigation on the matter, and it is believed that the attack hasn’t affected UC systems or networks, Erudera.com informs.

“We believe the person(s) behind this attack are sending threatening mass emails to members of the UC community in an attempt to scare people into giving them money. The message states that your personal data has been stolen and will be published,” UC release reads.

Anyone who receives such an email is advised to forward it to the local information security office or delete it.

Along with UC, other universities, government institutions, and private companies have been subjected to cyber-attacks recently.

The Stanford University’s School of Medicine and Yeshiva University in New York City have also reported that student and employee personal and financial data have been stolen and shared online. This incident as well has been attributed to the 20-year-old Accellion file service vulnerability.

The University of Maryland in Baltimore has also reported having private information of staff being posted online recently. According to the Baltimore Sun, a hacking group known as Clop has entered the Accellion system in December.

The University of Colorado and the University of Miami both have reported that their personal data, health study, and research data had been accessed. The Washington State Auditor’s Office stated that information on 1.5 million unemployment applicants had been stolen, as reported last month.

In March, Accellion said it had closed “all known” fragile points, and no new ones had been detected.

Recently, the computer system of one of the biggest schools in the nation was hacked by a criminal gang that required $40 million, or it would delete files and share personal information of students and employees.

In the past three years, a wave of ransomware attacks has hit different agencies, governments, and institutions. Many of these groups are Russian-speaking gangs based in Eastern Europe, tolerated by mild governments’ rules.

With cyber-attacks increasing last few years, students are also showing high interest in cybersecurity studies, as Canadian Institute for Cybersecurity (CIC) has noted. Although the interest is high, pursuing the studies seems to be more difficult as many students do not complete them, which led to the CIC working on their science, technology, engineering, and mathematics programs.