Data supposedly belonging to the University of the West of Scotland (UWS) has been put up for auction by an extortion cybergang.
The university admitted to experiencing system issues earlier this month – which it called a “cyber incident”.
Now the ransomware gang Rhysida is demanding 20 bitcoin (£450,000) for the confidential data and says it will be sold to the highest bidder.
The BBC has approached UWS for comment as police continue their investigation.
Police were first alerted to the incident on 6 July. At the time, the university’s website was down and an error message apologised for “inconvenience”.
Initially, no criminal group came forward to claim responsibility, but now Rhysida is claiming it was behind the incident and has seemingly tried to use the stolen data to extort the university.
The data advertised on the gang’s deep web domain includes personal data belonging to staff such as bank details and national insurance numbers as well as internal university documents.
The BBC can confirm that the group listing is real but has been unable to verify the authenticity of the data.
However, the BBC’s cyber correspondent Joe Tidy said it was unlikely to be fake.
“In my experience though there is no reason to suggest they are lying,” he said. “These criminal gangs operate on profit and reputation. Perversely, it doesn’t serve them to fake stolen data.”
Brett Callow, a threat analyst for the cybersecurity company Emisoft, said the cyber-gang would probably be hoping the university would pay up.
“Realistically, the data likely doesn’t have anywhere near the value Rhysida is placing on it – at least, not to a third-party,” he said.
“They’ll be hoping the university pays up in order to prevent the information being released onto the dark web and subsequently used by other cybercriminals to commit identity fraud.”
The Rhysida ransomware group was first observed in May of this year according to the cybersecurity website Sentinel One. It has launched attacks on multiple organisations across the world.
Sentinel One said the group positioned itself as a “cybersecurity team” which is doing its victims a favour by targeting their systems and highlighting flaws in their online security.
UWS has campuses in Paisley, Ayr, Dumfries and Blantyre, as well as London.
At the time of the incident, a UWS spokesperson told BBC Scotland the university was working with police, the National Cyber Security Centre, and the Scottish government to resolve the issue.
The National Cyber Security Centre’s website says it does not encourage, endorse, nor condone the payment of ransom demands.
A police spokeswoman said: “An investigation is under way following a report of a cyber incident in Paisley. The matter was reported to police on 3 July, 2023 and inquiries are ongoing.”
Last month, the University of Manchester was targeted by a similar cyber-attack and a number of organisations including the BBC were affected by a separate mass hack.
