The University of the West of Scotland (UWS) has fallen victim to a cyberattack, with data now being auctioned by the ransomware gang Rhysida. The university first reported the “cyber incident” earlier this month and has since been working with the authorities to investigate the breach. The extortion cybergang Rhysida is now demanding 20 bitcoin (approximately £450,000) in exchange for the confidential data, threatening to sell it to the highest bidder.

The attack has had severe implications for the university, affecting numerous digital systems and staff data. Notably, staff laptops have been impacted, nearly half of the university’s IT systems have been shut off, and student submissions have been affected. The incident was officially reported to the police on 6 July, coinciding with the university’s website being down and displaying an error message apologizing for the inconvenience. While some parts of the website have been restored, certain sections, such as those related to late applications through the clearing process, remain unavailable.

Initially, no group claimed responsibility for the attack, leaving the university uncertain about the perpetrators. However, the ransomware group Rhysida has now claimed responsibility and attempted to leverage the stolen data for extortion. The data advertised on the group’s deep web domain includes sensitive personal information belonging to staff, such as bank details and national insurance numbers, along with internal university documents.

The authenticity of the data has been confirmed as real, but verification remains challenging. Experts believe it is unlikely to be fake, as criminal gangs prioritize profit and reputation. Faking stolen data would not serve their interests in the cybercrime world. Nevertheless, the data’s true value may not be as high as Rhysida claims, at least not to third-party entities. The group is likely hoping that the university will pay the ransom to prevent the data from being released on the dark web and potentially used by other cybercriminals for identity fraud.

UWS has emphasized that some details remain sensitive due to the ongoing criminal investigation. The university is actively cooperating with relevant authorities to resolve the situation in a controlled manner. Colleagues and students have been briefed about the incident, and affected staff members are being contacted directly with information and support.

The Rhysida ransomware group is relatively new and was first observed in May of this year. It has already launched attacks on multiple organizations worldwide. Interestingly, the group portrays itself as a “cybersecurity team” performing a favor for its victims by targeting their systems and exposing vulnerabilities in their online security.

Experts warn that the university should exercise caution and carefully consider its response to the ransom demand. While the cybercriminals claim the data’s value to be exorbitant, it may not hold the same worth to other parties. The university’s actions will determine whether the stolen data remains protected or is exposed on the dark web, leading to potential identity fraud and further criminal activity.

As the investigation continues, universities and organizations alike are urged to enhance their cybersecurity measures, conduct regular risk assessments, and implement robust incident response plans. Cyber threats are evolving rapidly, and adopting proactive measures is crucial to safeguarding sensitive data and preventing future attacks.
October 20, 2023