Security News > 2020 > February > Netherlands University Pays $240,000 After Targeted Ransomware Attack
UM has been open and forthcoming on the details of the attack, providing detailed insight into a classic targeted ransomware attack.
"The modus operandi of the group behind this specific attack," said Fox-IT in a forensic report commissioned by UM, "Comes over with a criminal group that already has a long history, and goes back to at least 2014. The group is often referred to publicly as 'TA505', as well as 'GraceRAT', named after one of the tools used by the group."
One of these had not been fully patched, and the group was able to gain full rights across the infrastructure.
The group surveilled the topology and was able to collect multiple account usernames and passwords.
There is little doubt that ransomware attacks against universities will continue, while cyber insurance already has a good track record in funding victims' ransom payments.
News URL
Related news
- Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (source)
- North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- City of Columbus: Data of 500,000 stolen in July ransomware attack (source)
- Columbus, Ohio, confirms 500K people affected by Rhysida ransomware attack (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- New Ymir ransomware partners with RustyStealer in attacks (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)