Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group.
Beginning in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and stealing the data stored on them. Companies use these servers to share sensitive files and information with people outside of their organization.
The ransomware gang then contacted the organizations and demanded $10 million in bitcoin or they would publish the stolen data.
Since February, the Clop ransomware operation has been publishing files stolen using vulnerabilities in Accellion FTA file-sharing servers.
Clop is now publishing student, university data
This week, the Clop ransomware gang began publishing screenshots of files stolen from Accellion FTA servers used by the University of Miami and the University of Colorado.
In February, the University of Colorado (CU) disclosed that they suffered a cyberattack where threat actors stole data via the Accellion FTA vulnerability.
“While the full scope has not yet been determined, early information from the forensic investigation confirms that the vulnerability was exploited and multiple data types may have been accessed, including CU Boulder and CU Denver student personally identifiable information, prospective student personally identifiable information, employee personally identifiable information, limited health and clinical data, and study and research data,” CU’s data breach notification said.
The Clop ransomware gang has begun to post screenshots of the stolen data, including university financial documents, student grades, academic records, enrollment information, and student biographical information.
While the University of Miami did not disclose a data breach, they did use a secure file sharing service called ‘SecureSend’ that has since been shut down.
“Please be advised that the secure email application SecureSend (secure.send.miami.edu) is currently unavailable, and data shared using SecureSend is not accessible,” reads the University’s SecureSend page.
From URLs found by BleepingComputer, this SecureSend service was also powered by an Accellion FTA server.
While the University of Miami never disclosed a security incident, the Clop ransomware operation also published screenshots of patient data.
This data includes medical records, demographic reports, and a spreadsheet with email addresses and phone numbers.
The University of Miami data appears to belong to patients of the University’s health system.
BleepingComputer has reached out to the University of Miami to learn more about the attack on their Accellion FTA server but has not heard back as of yet.
At this time, the ransomware gang has only released a few screenshots for each University but will likely release more files in the future to pressure the victims to pay.
Other Accellion FTA victims extorted by Clop include the supermarket giant Kroger, the Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), Singtel, QIMR Berghofer Medical Research Institute, the Office of the Washington State Auditor (“SAO”), and the energy company Shell.