The University of Utah paid a ransom of more than $450,000 to attackers after they infected a portion of its servers with ransomware.
Image: The University of Utah's CSBS building.

On July 19, 2020, the university's Information Security Office (ISO) notified the College of Social and Behavioral Science (CSBS) that ransomware had infected some of its servers. ISO responded by isolating the CSBS servers from the rest of the university's network, notifying law enforcement and enlisting an outside consultant to investigate what had happened. According to the university, the investigation found that the ransomware had affected approximately 0.02% of the data held on the CSBS servers, and that the affected data included both employee and student details. At the time of writing, ISO was still working to determine exactly which kinds of information the attack had touched. Even so, university officials decided to pay the attackers, not to recover encrypted files but to reduce the chance that the attackers would publish on the Internet any information they had stolen from the infected servers. Such a payment buys only the attackers' promise; it cannot confirm that copied data has been deleted. The university drew on its cyber insurance policy to cover part of the ransom, which was worth approximately $457,059.24 USD at the time of the transaction. The remainder came from the University of Utah itself and, according to the university, did not affect tuition or taxpayer funds. Simultaneously, ISO required all students, faculty and staff to change their passwords and encouraged them to practice good password hygiene going forward. Per the university's statement:
Continue to use strong passwords, change them at regular intervals and use two-factor authentication. This is the best way to prevent security incidents in a large, complex organization like the University of Utah. There are no other steps members of the university community need to take.
In terms of technology, the university said that it had invested in additional security measures, including network monitoring and vulnerability scanning, to help prevent future ransomware attacks. It also announced its intention to centralize the university network, reducing the number of separately administered segments that ransomware attackers could target.