A hacker group reportedly accessed the computer systems of Knox College and gained access to student data, threatening students with the release of their private information. This is a major shift in ransomware attacks, which typically are aimed at institutions, not individual Americans.
NBC News reports students at Knox College, a small liberal arts university in Illinois, received an email on December 12 informing them that their private information had been accessed by hackers and was being held for ransom. A cybercriminal organization known as Hive had infiltrated the college’s computer system and obtained access to student information, a common tactic used by ransomware attackers.
The email, written in broken English, stated: “We have compromised your collage networks. The data we have includes your personal information, medical records, psychological assessments, and many other sensitive data.”
“Additionally all of your SSN and Medical records will be put for sale, for every hacker to gain access and use your data in whatever illegal activity they want,” the hackers wrote. “To us, this is a normal business day. For you, its a sad day where everyone will see your personal and private info.”
The attack at Knox College is the first known instance of hackers utilizing their access to directly contact and intimidate students. This demonstrates how the ongoing problem of ransomware, which caused an estimated $886 million in damages in the United States last year, has also led to hackers ramping up their efforts to coerce institutions into paying them.
Allan Liska, an analyst at the cybersecurity company Recorded Future, commented: “It’s getting harder and harder to convince victims to pay, so this is the kind of extremes they need to go to.”
“They’re taking this playbook that they’ve used with other businesses before, where they’ll email partners, they’ll email customers and let them know,” he said. “It’s a continual escalation in the extortion market.”
The ransomware attack on Knox College disrupted the school’s operations significantly. According to emails that school administrators sent to students, seen by NBC News, Knox administrators were concerned about the malicious code spreading and therefore initially shut down campus Wi-Fi and phones, encouraging students to go to the local library to get online. The attack also resulted in a delay in students receiving their grades, as the grade submission system was offline. All students and faculty with college-owned computers were told to shut them down and keep them offline unless they received permission in person from the school’s staff.
It is currently unknown whether Knox College will choose to pay in order to keep students’ information private. The school declined to provide further comments on the matter.
Read more at NBC News here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan