Manchester University is currently facing a challenging situation as it deals with threatening emails sent to staff and students in an attempt to extort a ransom. This comes in the wake of a data breach at the university, which was announced on June 9. The breach involved unauthorized access to university systems, and now the hackers are resorting to what is known as “triple extortion”, according to a report by BBC.
The university has urged all staff and students to exercise caution when dealing with suspicious emails or potential phishing attempts and to report any such incidents to the IT department. They are also working diligently to determine the extent of the data breach and resolve the issue as quickly as possible. The university spokesperson stated, “We know this will cause concern to members of our community and we are very sorry for this. Our priority is to provide information to those affected and focus all available resources on resolving this issue.”
The incident at the University of Manchester is a cause for concern, but it is not an isolated event. The education sector has increasingly become a prime target for hackers, with numerous malicious actors targeting schools and universities. A recent report by Microsoft revealed that over 6.8 million cyber attacks have been reported, with around 63% occurring at the beginning of 2022.
In addition to the Manchester University data breach, Palo Alto Networks recently shared a report on Vice Society, a ransomware group actively engaging in high-profile attacks against schools throughout 2022. This group takes a different approach compared to other ransomware groups. Instead of developing custom payloads, they incorporate modified versions of existing ransomware strains into their attack chain. These strains, such as HelloKitty (FiveHands) and Zeppelin, are readily available on DarkWeb marketplaces, making them an appealing option for Vice Society.
The targeting of the education sector by Vice Society prompted the FBI, CISA, and the MS-ISAC to release a joint Cybersecurity Advisory (CSA) in September 2022. They highlighted the disproportionate number of ransomware attacks against schools and warned that the frequency of these attacks may escalate in the 2022-23 school year. It is crucial for educational institutions to remain vigilant and take necessary precautions to protect against such threats.
The Manchester University data breach serves as a reminder of the importance of cybersecurity measures in the education sector. Institutions must invest in robust security systems, train staff and students to recognize and report suspicious activities, and collaborate with relevant authorities to address and prevent future attacks. By taking proactive steps, universities can mitigate the risk of data breaches and protect the sensitive information of their staff and students.
In conclusion, Manchester University is currently dealing with threatening emails sent to staff and students following a data breach. The education sector has become a prime target for hackers, with Vice Society being one of the ransomware groups actively engaged in high-profile attacks against schools. It is crucial for educational institutions to prioritize cybersecurity measures and collaborate with authorities to address the increasing threats in the digital landscape.