MSU is the victim of a ransomware attack and refuses to pay the ransom

In early June, the media reported that the ransomware group, NetWalker, had attacked Michigan State University, or MSU. At the time, the group threatened to leak student records and financial documents; university officials have said they will not pay the ransom.

According to the Detroit Free Press, MSU will not pay the ransom, and the amount in cryptocurrency that the ransomware group requested is still unknown. Officials did not release an official statement on the reasons behind this decision.

The attack appears to have been carried out during the United States' Memorial Day commemoration, shutting down MSU's computer systems and breaching its security by compromising data primarily belonging to the Department of Physics and Astronomy.

Hackers threaten to leak stolen data
Michigan State Police are currently providing technical assistance and sharing information with federal officials, according to local media.

According to reports, the group published a countdown clock warning that they will leak the stolen data if Immediate Edge does not comply with their demands. Since then, the hackers have published evidence that they can access the stolen documents.

Speaking with Cointelegraph, Allan Liska, a solutions architect at cybersecurity firm Recorded Future, explained how NetWalker operates:

"NetWalker is part of a new generation of ransomware families. The players are generally sophisticated and have a good understanding of how corporate networks operate. They take their time once they are inside a network and know what data to extract to force an extortion payment if the victim does not pay the ransom."

The cybersecurity firm further notes that schools, in general, have long been frequent targets of ransomware groups:

"Part of that is because of the easy access. Whether you are talking about an elementary school, high school or college, there are usually many systems connected to the Internet associated with a school. Often there is also little budget for security, which means that attackers have many opportunities to gain access. Computer services are also increasingly critical to the operation of schools. In the United States we saw a wave of ransomware attacks against school systems in August and September 2019."

Should the victims pay the ransom?
Liska says paying the ransom is ultimately a "business decision" and a matter of risk management. However, the Recorded Future solutions architect noted:

"Whether an organization decides to pay the ransom or not, it is important to remember that these are criminals. Paying the ransom does not always guarantee that your files will be decrypted and does not always mean that the stolen files will eventually not be sold on underground forums anyway. Unfortunately, there are no good answers once the files have left your organization's network."

On June 10, officials in the city of Florence, Alabama, said they intended to pay a ransom of nearly $300,000 in Bitcoin (BTC), expressing concern that if they did not, their citizens' private data could be leaked after a ransomware attack by DoppelPaymer.

Cointelegraph also reported on 3 June that the ransomware group, NetWalker, has set its sights on three US-based universities.