Univ. of Utah Pays Ransomware Gang

The attack was a classic – a criminal group stole sensitive files from the University of Utah before encrypting their files and threatened to release the stolen documents as a second extortion scheme. In a statement posted on its website, the school said it actually dodged a major ransomware incident and that the hackers managed to encrypt only 0.02 percent of the data stored on its servers. Nevertheless, the university paid $457,059 because the hackers threatened to leak student information online. The school’s policy had been to refuse to pay ransom demands, but the decision to capitulate came after the first threat to release files. “After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker,” the university said. It was called “a proactive and preventive step to ensure information was not released on the internet.” A threat analyst at cyber-security firm Emsisoft, told ZDNet that the payment made little sense. All organizations are paying for in this scenario is a promise from a bad faith actor that the stolen data will be destroyed, he said, but why would they when they can monetize the information later, use it for spear phishing or for identity theft.