The Clop ransomware group has allegedly leaked data on the dark web that was stolen from the University of Colorado (CU). CU announced in February that it was investigating a cyberattack believed to be the most significant in the university's history.
The attack targeted a previously undiscovered vulnerability in the File Transfer Appliance (FTA) from a third-party vendor, Accellion. Accellion stated that the attack had affected fewer than a hundred clients, with only 25 suffering significant data theft.
The Clop ransomware group has published data on the dark web from 25 Accellion hacks, including data from the University of Colorado. Brett Callow, a cybersecurity threat analyst at Emsisoft, stated that it is highly likely that Clop holds additional data from the other Accellion hacks.
“Whether Clop is responsible for the hacks or is simply handling the extortion is impossible to say, but I suspect the latter,” Callow added.
The university said on Tuesday that it is still investigating the scope of the cyberattack.
“We did receive demands that we declined to meet,” said Ken McConnellogue, CU Vice President for Communication. “We also advised our users to not pay, which is consistent with the guidance we received from the FBI.”
“Organizations in this position are without good options,” Callow explained. “If they don’t pay the ransom demand, their data will be released online in a series of installments. If they do pay, they’ll simply receive a pinky-promise that the stolen data will be destroyed. Obviously, there is absolutely no reason to believe that the criminals would actually do this, especially if the data has significant market value.”
CU Boulder was informed of the Accellion cyberattack on the 25th of January. CU's Office of Information Security determined that files uploaded by 447 CU users were at risk of unauthorized access. Officials revealed that personal information belonging to CU Denver and CU Boulder students, as well as prospective students and employees, might have been accessed.
The University of Colorado is currently preparing to notify the individuals affected by the data breach. CU stated that it would offer free monitoring services to everyone whose data was compromised. Meanwhile, employees and students can take proactive steps to protect their identity by visiting identitytheft.gov/databreach.
On the 1st of March, Accellion stated that all known File Transfer Appliance vulnerabilities had been remediated.
“Since becoming aware of these attacks, our team has been working around the clock to develop and release patches that resolve each identified FTA vulnerability, and support our customers affected by this incident,” said Jonathan Yaron, Accellion’s Chief Executive Officer.
CU said that it is planning to switch to another file-sharing product. In addition, university officials plan to move the university's data to another cloud-hosted environment and add multi-factor authentication (MFA) as an extra layer of security.
Source: CBS Local