East Central University (ECU) in Ada, Oklahoma, revealed that a ransomware gang launched an attack on its systems, causing some computers and servers to be encrypted and sensitive information to be stolen.
ECU claimed in an advisory on its website that the BlackSuit ransomware gang was unsuccessful in taking down the university’s critical services but was “able to conduct successful attacks on a variety of campus computers.”
In response to the attack, ECU said it called for the assistance of external cybersecurity experts to reset student passwords and reassess its security systems.
While ECU has not confirmed the exact nature of how the ransomware breached the university’s systems, it said there was “an increase in spam/malicious emails in the days leading up to the attack.”
The full impact of the February 16 attack is still under investigation, but the ECU now says it has determined that the hacking group may have obtained the names and Social Security numbers of a number of individuals.
The leakage of sensitive personally identifiable information clearly provides opportunities for fraudulent activity.
This is not the first time BlackSuit ransomware has targeted the education sector.
Late last year, for example, it claimed responsibility for a series of attacks at schools in central Georgia and at DePauw University’s liberal arts college in Indiana.
The BlackSuit ransomware gang recently claimed responsibility for a cyberattack on Select Education Group in California that exposed sensitive personal information of approximately 70,000 people.
It’s not just educational organizations that need to be wary of the BlackSuit ransomware gang. The U.S. Department of Health and Human Services (HHS) issued a warning to the health care public sector late last year, calling BlackSuit “a threat actor to watch closely in the near future.”
ECU said it “will update its community” on any additional information regarding the attack. It advises those who think they may be affected to visit identitytheft.gov for advice on how to tell if they have been a victim of identity theft and what to do if their details are lost or stolen.
