University of Utah pays $450K after ransomware attack

Photo Courtesy: U of U

SALT LAKE CITY, Utah, Aug. 23, 2020 (Gephardt Daily) — The University of Utah has paid $457,059.24 after a ransomware attack, officials said.

A news release from the U of U said that Sunday, July 19, computing servers in the University of Utah’s College of Social and Behavioral Science experienced a criminal ransomware attack, which rendered its servers temporarily inaccessible. The university notified appropriate law enforcement entities, and the university’s Information Security Office investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks.

“It was determined that approximately .02% of the data on the servers was affected by the attack,” the news release said. “This data included employee and student information. The ISO assisted the college in restoring locally managed IT services and systems from backup copies. No central university IT systems were compromised by the attack on the college.”

The news release added: “After careful consideration, the university decided to work with its cyber insurance provider to pay a fee to the ransomware attacker. This was done as a proactive and preventive step to ensure information was not released on the internet.”

The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder. No tuition, grant, donation, state or taxpayer funds were used to pay the ransom, officials said.

As a precautionary measure, on July 29, students, staff and faculty were directed to change their university passwords. “Because the CSBS servers hosted data and IT services for itself and a small group of colleges, departments and administrative units, asking users to update their passwords was a prudent response,” the news release said.

The university has made substantial investments in technology to monitor and protect the university community against attacks, including ransomware threats, the news release said. Networks and IT infrastructure are monitored 24 hours a day, and the IT environment is continuously assessed to identify any vulnerabilities that need to be addressed.

“Despite these processes, the university still has vulnerabilities because of its decentralized nature and complex computing needs,” the news release added. “This incident helped identify a specific weakness in a college, and that vulnerability has been fixed. The university is working to move all college systems with private and restricted data to central services to provide a more secure and protected environment. The university is also unifying the campus to one central Active Directory and moving college networks into the centrally managed university network. These steps, in addition to individuals using strong passwords and two-factor authentication, are expected to reduce the likelihood of an incident like this occurring again.”


Please enter your comment!
Please enter your name here