(CBS4) – A ransomware group has leaked data allegedly stolen from the University of Colorado on the dark web. In February, CU announced it was investigating a cyberattack believed to be the largest in the university’s history.
The attack targeted a vulnerability in the File Transfer Appliance from Accellion, a third-party vendor. Accellion says the hack impacted fewer than 100 clients, with 25 suffering significant data theft.
The ransomware group Clop has published data from 25 Accellion hacks on the dark web, including data from the University of Colorado. Cybersecurity threat analyst Brett Callow of Emsisoft says it is highly likely that Clop has additional data from other Accellion hacks.
“Whether Clop is responsible for the hacks or is simply handling the extortion is impossible to say, but I suspect the latter,” Callow added.
Officials have not said if CU received ransom demands from the Clop group. On Tuesday, the university said it is still investigating the scope of the attack.
“Organizations in this position are without good option,” Callow explained. “If they don’t pay the ransom demand, their data will be released online in a series of installments. If they do pay, they’ll simply receive a pinky-promise that the stolen data will be destroyed. Obviously, there is absolutely no reason to believe that the criminals would actually do this, especially if the data has significant market value.”
CU Boulder was notified of the Accellion attack on Jan. 25. The university’s Office of Information Security determined files uploaded by 447 CU users were at risk of unauthorized access. Officials said personal information of CU Boulder and CU Denver students, prospective students and employees may have been accessed.
The university is preparing to notify those affected by the data breach. CU said it would provide monitoring services at no cost for anyone whose information was compromised. In the meantime, students and employees can take proactive steps to protect their identity by visiting identitytheft.gov/databreach.
Accellion said on March 1 that all known File Transfer Appliance vulnerabilities have been remediated.
“Since becoming aware of these attacks, our team has been working around the clock to develop and release patches that resolve each identified FTA vulnerability, and support our customers affected by this incident,” said Jonathan Yaron, Accellion’s Chief Executive Officer.
CU said it plans to switch to a different file sharing product. Additionally, officials plan to move university data to a cloud-hosted environment and add multi-factor authentication as an extra layer of security.