Michigan State University Hit by Ransomware, Refuses to Pay Criminals

MSU officials stated that the ransomware gang won’t receive any payments following the attack.

In early June, media outlets reported that the NetWalker ransomware gang had attacked Michigan State University (MSU). At the time, the gang threatened to leak students’ records and financial documents. University officials have now said that they will not pay the ransom.

According to the Detroit Free Press, MSU will not pay the unspecified amount that the ransomware group requested in crypto. Officials did not publish an official statement addressing the reasons behind the decision.

The attack seems to have happened on the U.S. Memorial Day holiday. It shut down MSU’s computer systems and breached its security, compromising data mainly from the Department of Physics and Astronomy.

Hackers threaten to leak the stolen data

Michigan State Police are currently providing technical assistance and sharing information with federal officials, as per local media.

The gang reportedly published a countdown clock that warns they will leak stolen data if MSU does not pay the ransom. The hackers have since published proof that they are able to access the stolen documents.

Speaking with Cointelegraph, Allan Liska, solutions architect at cybersecurity firm Recorded Future, explained how NetWalker operates:

“NetWalker is part of a new breed of ransomware families, the actors are generally sophisticated and have a good deal of insight into how corporate networks operate. They take their time once they are inside a network and they know which data to extract to force an extortion payment if the victim will not pay the ransom.”

The cybersecurity firm further highlights that schools, in general, have been targeted for a long time by ransomware gangs:

“Part of that is ease of entry, whether you are talking about grade school, high school or college there are generally many internet-facing systems associated with a school. There is also often little budget for security, meaning attackers have lots of opportunity to gain access. Computing services are also increasingly critical to the functioning of the school. In the United States we saw a rash of ransomware attacks against school systems in August and September of 2019.”

Should the victims pay the ransom?

Liska says that paying the ransom is ultimately a “business decision,” and it comes down to a matter of risk management. However, the solutions architect of Recorded Future noted:

“Whether an organization decides to pay the ransom or not, it is important to remember that you are dealing with criminals, paying the ransom doesn’t always guarantee that your files will be unencrypted and it doesn’t always mean that stolen files won’t eventually be sold on underground forums anyway. Sadly, there are no good answers once the files have left your organization’s network.”

On June 10, city officials of Florence, Alabama stated their intention to pay a ransom of nearly $300,000 worth of Bitcoin (BTC). They cited concerns that failing to do so might result in private citizens having their data leaked after a ransomware attack by DoppelPaymer.

Cointelegraph also reported on June 3 that the NetWalker ransomware group targeted three US-based universities.