As reported by ZDNet, the University of Utah recently paid almost $500,000 to a ransomware group. Paying such groups is, unfortunately, no longer unusual; what makes this case notable is that the university paid even after a relatively successful response to the attack.
Reportedly, the university identified and halted the attack after only 0.02% of its data had been encrypted, and the affected systems were restored from backups with almost no data loss. On the availability side, then, the university appeared to have avoided disaster. The ransomware group then threatened to publish documents it had stolen before the encryption began unless a substantial payment was made. This fallback, commonly called double extortion, has become routine in these attacks: backups restore availability, but they do nothing for confidentiality once data has already been exfiltrated. In many cases the group collects two ransom payments, one for the decryption key and one for (supposedly) deleting the stolen data.
Reportedly, after reviewing the matter and consulting its cyber insurance provider, the university agreed to split the payment with the insurer. A university spokesperson described the payment as “a proactive and preventive step to ensure information was not released on the internet”. One has to wonder how much faith anyone can place in the promise of a group that stole the data in the first place; a victim has no way to verify that copies of exfiltrated data have actually been destroyed.