Michigan State University was just hit by a ransomware group called NetWalker and is now under a deadline for leaking their stolen files public. The ransomware group has given the university one week to pay the undisclosed ransom, if not, the stolen data will be published on NetWalker’s blog that’s maintained by the group in the dark web.
NetWalker Ransomware is the same group behind the attack on Toll firm, which is Australia’s largest shipping company. This group has now captured one of the US’s oldest universities, Michigan State University. This was first seen on a blog that’s affiliated to NetWalker, claiming the university’s financial info and personal records of students were stolen. Further, a week was given to pay the ransom amount, which was undisclosed yet.
NetWalker Ransomware, also known as Mailto, has emerged recently in mid-2019. This group targets enterprises rather than individuals, to procure hefty lump sums rather than petty payments. And, it’s one of those groups that adopted the new trend in ransomware space – threatening to expose stolen data publicly if the ransom is not paid. It was popularized by the Maze ransomware group, and several other groups have even leaked the data as warned.
To confirm the authenticity of their attack, the group has shared few screenshots of a stolen file directory and a scanned copy of a student’s passport! They claim to have the data of University’s financials (as shared a snippet of 2015 financial) and other sensitive information regarding students including identification and banking details. The University has over 40,000 students.
The group has given the University one week, to pay the ransom amount. And if not paid, it may leak the sensitive stolen data on the group’s blog on the dark web. Researchers guess the group has attacked through password spraying or phishing attacks to infect the network.