This ransomware gang used the emergency broadcast system to tell university students they’ve been attacked

Ransomware operators are always looking for novel ways to pressure their victims into paying their demands, and now we’ve seen the first time that an emergency broadcast system has been used for that purpose.

A ransomware group calling itself Avos recently compromised Bluefield University, a private institution in Virginia, housing roughly 900 students. 

In late April this year, the institution suffered a ransomware attack that forced it to postpone all exams. At the time, it said the attackers did not conduct financial fraud or identity theft: “Faculty and students can safely use and access MyBU, Canvas, and library resources through the universities website,” explained Bluefield University.

Exerting pressure

But it seems as if the threat actors did manage to steal sensitive information, after the university’s emergency broadcast system, RamAlert, was used to send both the staff, and the students, a short message about the attack:

“We hacked the university network to exfiltrate 1.2 TB files,” one message reads, as per a screenshot posted online. “We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”

“DO NOT ALLOW the University to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT (2:00:00 PM)”

The group lived up to its word and posted a small sample in early May, which includes the University President’s W-2 tax form, and insurance policy-related documents. 

Through the years, ransomware operators have used all kinds of tactics to force victims into paying the ransom demand. Exfiltrating data and threatening to leak it online is yet another example. In some cases, the attackers would DDoS the company, as well, or would call the executives on their private telephones and threaten to release sensitive data on the dark web.

Via: BleepingComputer

Go to Source