Newcastle University students’ data held to ransom by cybercriminal group
Hackers are threatening to leak student and staff data if not paid by the University
Newcastle University is being extorted by cybercrime group DoppelPaymer in an attack that has been disrupting IT systems since August 30th.
The group has posted some of the files that were stolen from the university online and is threatening to release more confidential student and staff data unless it receives payment, according to a post on its dark web site.
DoppelPaymer has previously leaked documents from Elon Musk’s companies, SpaceX and Tesla, as well as from NASA contractor Digital Management Inc., in other ransom bids. The amount Newcastle is being extorted for is currently unknown.
Brett Callow, a senior researcher at ransomware specialists Emsisoft, told Sky News that “it’s impossible for us to say what data may have been extracted during the attack. The small number of documents that have been posted are simply a warning shot: the digital equivalent of a kidnapper sending a pinky finger.”
Newcastle University has alerted the Information Commissioner’s Office, UK Police and the National Crime Agency, who are investigating the attack, but the University has said in a statement that “it will take several weeks” to address the issues, and that many IT services will thus not be operating in the meantime.
DoppelPaymer uses malware to monetise access to a victim’s network. The malware is similar to that developed by Evil Corp, a hacker group that is accused of working with the Russian intelligence services and is sanctioned by the US. This means that if Newcastle University were to pay the ransom, it would be in violation of these sanctions.
A spokesperson for Newcastle University has said: “The investigation into the incident is still at an early stage.
“IT colleagues continue to work hard on the systems recovery plan, and to support the police and the National Crime Agency with their enquiries,”
They added: “However, we will not be able to share further detail on the incident until this initial investigation has concluded.”
The Department for Education said: “We understand that cyber attacks on universities are disruptive for students and staff.
“It is imperative that student and staff data is secure. Every university must ensure their online security is as robust as possible to protect private data from cyber threats.”