As a precaution, the university quarantined a few of the School of Medicine's IT systems and successfully isolated the security incident from the university's central network. Importantly, the university's overall campus network, COVID-19 work, and patient care delivery operations were not affected by the security incident.
What Went On With The Malware Attack On The University?
The university managed to stop the attack while it was happening. However, the cybercriminals had already launched malware that encrypted several of the servers in the School of Medicine, making those servers temporarily inaccessible.
Since the incident occurred, the university has been working with one of the best cybersecurity consultants and other experts to investigate the security incident and strengthen the defenses of its IT systems. It expects to restore the full functionality of the encrypted servers shortly.
The university's investigation is still ongoing, but it believes that the cybercriminals intended to encrypt any server they could and did not target any particular area. The cybercriminals took some data as proof of their attack so they could demand a ransom payment.
Patient medical records are believed to be safe and unexposed, but this is not yet confirmed since the investigation is still ongoing. The university will provide more updates once additional information is discovered.
#NetWalker #ransomware team has been targeting education (MSU & Columbia). Another large university has been breached. University of California San Francisco (@UCSF) was breached by NetWalker and now student and faculty data will be leaked in 5 days unless they pay the ransom. pic.twitter.com/wQJ7UWagmV — Ransom Leaks (@ransomleaks) June 3, 2020
The Unfortunate Necessity To Keep Data Safe
The data that the malware encrypted is crucial to a significant amount of the academic work the university pursues to serve the public good. That is why the university made the challenging decision to pay a small portion of the demanded ransom, amounting to around $1.14 million.
This money was paid to the cybercriminals who perpetrated the malware attack so that the university could receive the tool required to decrypt the encrypted data. The cybercriminals also returned the data they took from the servers.
The incident has shown the world how cybercriminals are increasingly using malware in their attacks. Most of these cybercriminals seek monetary gain. There have been multiple attacks on higher education institutions in recent times, which is a horrific thing to see.
The university is continuing to work with law enforcement, and it hopes everyone understands that what it can share is limited while the investigation is still ongoing.