Connect with us

Cyber Security

A tail of two ransomware attacks



Two schools, two ransomware attack and two different outcomes.

The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.

Intermediate Unit (AIU), a regional public education agency that is part of
Pennsylvania’s public education system, reported that portions of its network recently
were hit with ransomware with the attackers demanding a ransom payment to
restore the files. The school system refused to pay the unnamed amount.

AIU interim
director Rosanne Javorsky hired an outside security firm to lock down and
restore the system using back up files.

“The AIU had
backup versions of the most critical information and was able to restore access
to the vast majority of the impacted files without engaging or paying the
intruder. To ensure the integrity of our systems and avoid similar incidents in
the future, we are reviewing our policies and procedures and continuing to
enhance the security of our information systems,” she said.

AIU does not
believe any information was removed from its system.

However, The
University of Maastricht, was unable to recover from a December 24, 2019 attack,
reported. The university hired the security firm Fox-IT which traced the attack
to the cybergang TA505 who used a phishing email most likely containing a malicious
document to download the malware. The school reported that the lost data
contained student and scientific work and the overall damage to the institution
was very severe.

IT News
reported the school considered rebuilding its system from scratch, but in the
end opted to pay the 30 bitcoin ransom, or about $300,000.

is a well-known threat group that has hit a variety of targets at least one U.S. based electrical
company, a U.S. state government network and one of the 25 largest banks in the
world. The gang is known for spreading Dridex, TrickBot and Locky malware, and
is widely considered synonymous with the alleged Russian cybercriminal outfit
Evil Corp.


Continue Reading