Michigan State University (MSU), located in East Lansing, Michigan, is one of the premier institutions in the Midwest. The campus covers 5,300 acres and has 563 buildings, with nearly 20,000 acres throughout Michigan used for agricultural and natural resources research and education. In Fall 2019, there were 49,809 students. With such a large number of students, the amount of data generated by the students and administration staff is massive year after year. This data, including the students' confidential data, presented a significant target and drew attackers to the University’s servers and data.
Ransomware has been a nasty part of our environment for the last few years. It is an effective attack tool due to its low operational overhead and potentially large payoff. It simply takes the right person in the right department to click on the malware or link. Unfortunately for MSU, the tool was used against the university successfully. The attackers were able to breach the network, access the targeted data, and exfiltrate it. The attackers have demanded that a ransom be paid within a week of the successful attack; if the university does not pay, they will publish the stolen files.
The university believes, but is not certain, that the breach and subsequent intrusion were limited to one (1) isolated unit on the campus. While this is a good thing, the breach itself is still an issue. The files included student data, e.g. passport scans, and other private, confidential data, along with university financial documents.
The attackers apparently used the Netwalker ransomware, sometimes referred to as Mailto. This ransomware variant was coded to attack the enterprise rather than individual user stations. With this variant, once the clock runs down to zero, the data and the decryption key are automatically published.
This is a rather significant issue. A prominent university has been pwned, and its data is being held for ransom. After the attack was detected, the IT Department took the affected systems and servers offline to prevent further exposure. MSU’s IT Department notified law enforcement, including the MSU Police Department and Michigan State Police, of the successful attack and threats so the investigation could begin.
This latest successful attack is yet another clear indication that we need more cybersecurity training that is relevant. Without it, these attacks will continue to succeed and cause an abundance of harm to the organization, its staff, and other parties as collateral damage.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.