Ransomware operators are always looking for innovative ways to pressure victims into complying with their demands, and now, for the first time, an emergency broadcasting system has been used for this purpose.
A ransomware group calling itself Avos recently targeted Bluefield University, a private institution in Virginia housing about 900 students.
At the end of April this year, the institution fell victim to a ransomware attack that forced it to postpone all exams. At the time, the attackers claimed they had not committed financial fraud or identity theft: “Faculties and students can safely use and access MyBU, Canvas, and library resources through the university’s website,” explained Bluefield University.
Applying pressure
However, cybercriminals seem to have managed to steal confidential information after the university’s RamAlert emergency broadcasting system was used to send both staff and students a brief message about the attack:
“We hacked a university network to steal 1.2 TB of files,” reads one of the messages, according to a screenshot posted online. “We have admissions data from thousands of students. Your personal information may be disclosed on the darkweb blog.”
“DO NOT LET the University lie about the severity of the attack! As evidence, we provide a sample on Monday, May 1, 2023 at 18:00:00 GMT (14:00:00)”
The group kept its word and released a small sample in early May that includes the University President’s W-2 tax form and insurance policy documents.
For years, ransomware operators have used all kinds of tactics to force victims to pay the ransom. Data exfiltration and threatening to leak it to the network is another example. In some cases, the attackers also carried out DDoS attacks on the company or called executives on their private phones and threatened to expose sensitive data on the dark web.
By: Beeping Computer