“We don’t normally get alerts unless it’s about something going on, on campus such as shooter drills, classes canceled due to weather,” Michaela Rose, a Bluefield University student who received the hackers’ messages, told NBC News in a Facebook conversation.
“We are all pretty stressed and worried about the situation due to we don’t know exactly all the details and what’s really going on,” she said.
In pursuit of payment, many hacking groups have become more aggressive in pressuring institutions by taking their appeals directly to people whose files are stolen. In at least one instance, hackers who attacked a Tennessee college emailed students directly, threatening them if their school didn’t pay. In another, hackers who accessed extremely sensitive files of schoolchildren in Minneapolis advertised their exploits on Facebook and Twitter.
Ransomware attacks have become a near-constant scourge, targeting schools, companies and government bodies across the U.S. But Bluefield’s hackers appear to be the first to use an emergency alert system to pressure a victim, said Brett Callow, an analyst at the cybersecurity company Emsisoft.
Ransomware hackers tend to use whatever tools are at their disposal to coerce victims, including encrypting their computer files, publishing stolen information on their websites and promoting their crimes.
NBC News is not naming the hacker group. School information was not published on the group’s website as of Wednesday morning, though ransomware gangs frequently publish, remove and republish victims’ data on their sites.
Bluefield is currently advising students and faculty to not send emails from their school accounts. The university spokesperson declined to comment on whether the school was considering paying the hackers.
Ransomware hackers are rarely publicly identified and often live outside of direct reach of U.S. law enforcement. The hacker group named in the text messages sent to Bluefield students and faculty is one that primarily speaks Russian in underground forums, said Allan Liska, a ransomware expert at the cybersecurity company Recorded Future.
Schools, which rarely invest heavily in cybersecurity, are frequent targets for ransomware hackers, even though many don’t have major funds to pay their attackers. Last year, Lincoln College in Illinois became the first American college to shut down after having difficulty bouncing back from a ransomware attack.
At least 44 American colleges and universities were attacked with ransomware last year, said Callow, the Emsisoft analyst.
This week, which is finals week for many schools, the attacks are even more severe. Ransomware groups have named five other American colleges as victims since Monday, Callow said.
Bluefield, which was supposed to begin its finals on Monday, started them on Tuesday instead.
Source: | This article originally belongs to Nbcnews.com
