Hackers Take Over College's Emergency Announcement System, Issuing Intimidating Messages to Students
In a chilling demonstration of growing ransomware tactics, the private Baptist university in Western Virginia, Bluefield University, was recently hacked by the notorious AvosLocker ransomware gang. The attack, which occurred on April 30th, resulted in the theft of 1.2 TB of data, including sensitive personal information of students and faculty.
The AvosLocker gang, known for deploying ransomware that encrypts victims' data and demands payment for decryption keys, took their tactics a step further by hijacking Bluefield University's emergency communications system, "RamAlert." This wireless emergency notification system is crucial for safety and is typically isolated, making the attack a rare and concerning development.
The hijacked system was used to spam students and faculty with threatening SMS messages, boasting about the hacking victory and warning of a potential data leak on the dark web. AvosLocker leaked a sample of stolen data on May 1st at 2:00 PM GMT as proof of the attack's severity. They also threatened Bluefield University's president with continued attacks if a ransom was not paid.
Bluefield University has urged students not to click on any links or respond to messages from AvosLocker. As of the university's disclosure, there was no evidence of financial fraud or identity theft resulting from the hack. However, the potential for such breaches remains a significant concern.
The Bluefield University incident and the Minneapolis Public School system attack demonstrate a growing trend of ransomware gangs using whatever resources they have at their disposal to make paying the ransom seem appealing. Ransomware gangs, such as AvosLocker, are becoming bolder and more creative in their execution of attacks.
While there is no specific information about AvosLocker’s methods in the Bluefield University case, their tactics might have involved sophisticated infiltration, leveraging trending cyber deception strategies, and possibly targeting isolated yet critical emergency systems to escalate ransom demands. This fits into broader ransomware patterns seen in education involving data encryption, operational disruption, and psychological coercion for ransom payment.
Educational institutions, with their valuable data and often weaker cybersecurity defenses compared to enterprises, are increasingly targeted by ransomware gangs. Attackers often disrupt administrative systems and can extend into communication systems to maximize impact. They use double extortion tactics: encrypting data and threatening to leak sensitive information. Increasingly, they are using deceptive techniques such as SEO poisoning to trick users into downloading malware.
As the threat of ransomware attacks continues to evolve, it is crucial for institutions to strengthen their cybersecurity measures and remain vigilant against these increasingly sophisticated threats.
- Gizmodo reported on a growing trend in ransomware tactics, citing the hack of Bluefield University by AvosLocker as a prime example.
- The hack involved more than just data encryption; AvosLocker also hijacked the university's emergency communications system, "RamAlert."
- Cybersecurity experts are concerned about this development, as it shows ransomware gangs like AvosLocker are becoming increasingly creative and bold in their execution of attacks.
- In the future, it will be essential for educational institutions to toughen their cybersecurity defenses and stay vigilant against these evolving threats.
