The University of Utah Paid $457,000 to Ransomware Actors

Last updated June 23, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

The University of Utah has issued an announcement about a recent ransomware attack that compromised its systems, compelling the educational institute to pay roughly $457,000 to the actors. The attack took place on July 19, 2020, on a Sunday, which is typical of ransomware actors.

Almost immediately upon detection, the servers became inaccessible, and the university sought help from an external specialist. After restoration from backups and an internal investigation, it was determined that the actors managed to steal about 0.02% of the data stored on the targeted servers.

While this is a tiny percentage, it happens to include sensitive employee and student information, which makes the situation worse. The actors - who haven’t been named by the university - engaged in a typical extortion process, threatening public disclosure of the exfiltrated information to force the institute into paying the ransom.

So, the University of Utah decided to give in, hoping that the actors will keep their word. As they clarified, they covered the cost from their own financial assets as well as their cyber insurance policy, so no state, donation, tuition, or grant funds were touched.

The faculty members and students exposed by this incident need to do nothing other than the usual. That would be to set up 2FA, use unique and strong passwords, change them regularly, and use malware-cleaning tools to prevent the theft of their platform access credentials. Reportedly, the compromised servers have been thoroughly cleaned, and no data has been lost thanks to the university’s regular backup policy.

As for future risks, the university says they have already invested a lot in protecting their systems against cyber-attacks. Still, the emerging needs for decentralization and remote access have created a problematic environment.

According to Emsisoft’s Brett Callow, the ransomware gang most likely behind this attack is the NetWalker group. This group of actors has recently hit various universities, including the University of California, the City University of Seattle, Columbia College, and Michigan State University.

Since the actors already hold the data and have nobody to force them to delete it, it makes little sense to pay a ransom to prevent its publication. Even if they keep their promise, the data can always be used for phishing, scamming, and identity theft at a future date. So, $457k is a high price to pay for fixing your public image and making students feel supported.


