fbpx

https://www.insidehighered.com/quicktakes/2020/06/04/michigan-state-refuses-pay-ransom-hackers

Michigan State University has stated it will not pay an undisclosed ransom to hackers who are threatening to publish stolen sensitive information.

The hack is thought to have taken place on Memorial Day and was isolated to the university’s physics and astronomy department. Impacted servers and workstations were quickly taken off-line, according to a statement published Wednesday.

“First and foremost, our priority is determining what information was compromised and then working with anyone who may have been affected to provide them with the appropriate support,” said Melissa Woo, chief information officer at the university, in the statement. “The safety and security of our IT systems and the people who use them are of paramount importance to MSU.”

The stolen information is thought to include student personal information and financial documents. Columbia College of Chicago and the University of California, San Francisco, have also been targeted, according to Twitter user Ransom Leaks.

#NetWalker #Ransomware is threatening to #leak data from #breach of Michigan State University (@michiganstateu) in 6 days. MSU has nearly 40k students. Included in the leak sample is student identification like passports and banking info. pic.twitter.com/SNXu5cbLwx

— Ransom Leaks (@ransomleaks) May 27, 2020

#NetWalker #ransomware team has been targeting education(MSU & Columbia). Another large university has been breached. University of California San Francisco (@UCSF) was breached by NetWalker and now student and faculty data will be leaked in 5 days unless they pay the ransom. pic.twitter.com/wQJ7UWagmV

— Ransom Leaks (@ransomleaks) June 3, 2020

Successful ransomware attacks are relatively unusual in higher ed, but several colleges were badly impacted by attacks last summer. Institutions typically do not disclose whether or not they agree to pay hackers’ ransom demands.

MSU wants to send a message that it will not play ball with criminals. “Paying cyber-intrusion ransoms perpetuates these crimes and provides an opportunity for the group to live another day and prey upon another victim,” said Kelly Roudebush, chief of the MSU police department.