Scottish university allegedly targeted in ransomware attack

Data supposedly belonging to the University of the West of Scotland (UWS) has been put up for auction by an extortion cybergang.

The university admitted to experiencing system issues earlier this month – which it called a “cyber incident”.

Now the ransomware gang Rhysida is demanding 20 bitcoin (£450,000) for the confidential data and says it will be sold to the highest bidder.

The BBC has approached UWS for comment as police continue their investigation.

Police were first alerted to the incident on 6 July. At the time, the university’s website was down and an error message apologised for “inconvenience”.

Initially, no criminal group came forward to claim responsibility, but now Rhysida is claiming it was behind the incident and has seemingly tried to use the stolen data to extort the university.

The data advertised on the gang’s deep web domain includes personal data belonging to staff such as bank details and national insurance numbers as well as internal university documents.

The Rhysida ransomware group was first observed after it launched cyber-attacks on the Chilean Army.

The BBC can confirm that the group listing is real but has been unable to verify the authenticity of the data.

However, the BBC’s cyber correspondent Joe Tidy said it was unlikely to be fake.

“In my experience though there is no reason to suggest they are lying,” he said. “These criminal gangs operate on profit and reputation. Perversely, it doesn’t serve them to fake stolen data.”

Brett Callow, a threat analyst for the cybersecurity company Emsisoft, said the cyber-gang would probably be hoping the university would pay up.

“Realistically, the data likely doesn’t have anywhere near the value Rhysida is placing on it – at least, not to a third-party,” he said.

“They’ll be hoping the university pays up in order to prevent the information being released onto the dark web and subsequently used by other cybercriminals to commit identity fraud.”

The cyber-criminal group get their name from the Rhysida centipede.

The Rhysida ransomware group was first observed in May of this year, according to the cybersecurity website SentinelOne. It has launched attacks on multiple organisations across the world.

SentinelOne said the group positioned itself as a “cybersecurity team” which is doing its victims a favour by targeting their systems and highlighting flaws in their online security.

UWS has campuses in Paisley, Ayr, Dumfries and Blantyre, as well as London.

At the time of the incident, a UWS spokesperson told BBC Scotland the university was working with police, the National Cyber Security Centre, and the Scottish government to resolve the issue.

The National Cyber Security Centre’s website says it does not encourage, endorse, nor condone the payment of ransom demands.

A police spokeswoman said: “An investigation is under way following a report of a cyber incident in Paisley. The matter was reported to police on 3 July, 2023 and inquiries are ongoing.”

Last month, the University of Manchester was targeted by a similar cyber-attack and a number of organisations including the BBC were affected by a separate mass hack.
