Staff and students at Manchester University have been sent threatening emails designed to put pressure on the institution to pay a ransom, following an earlier breach.
As reported by Infosecurity, the university revealed on June 9 that it had suffered a data breach after an unauthorized party accessed “some of our systems.” The attack was first discovered three days earlier.
However, the threat actors behind the attack now appear to be employing a classic ‘triple extortion’ tactic, where they contact the individuals whose data has been compromised, hoping that they demand the breached organization pays up.
“Following our reporting of a cyber-incident earlier this month, we are aware that some staff and students have been sent emails purporting to be from the people behind it,” a spokeswoman for the university reportedly said yesterday.
“All staff and students should be wary of opening suspicious emails or phishing attempts, and report them to our IT department.”
She added that the university was “working around the clock” to determine what data had been accessed.
The message apparently contains a “last warning” to the staff and student recipients that their personal information is about to be leaked onto the dark web, unless the university meets the hackers’ demands.
The UK’s education/research sector is the top target for ransomware actors with 3809 weekly attacks per organization in the past 6 months, according to Check Point figures seen by Infosecurity.
The incident is not thought to be connected to the MOVEit supply chain attacks in which countless global organizations had data stolen via a popular managed file transfer tool.
However, triple extortion is increasingly popular among ransomware actors as more organizations refuse to pay up.
In early May, after a ransomware attack on Bluefield University in Virginia, threat actors hijacked a mass alert system to warn of a major impending data leak.
Speaking at Infosecurity Europe yesterday, noted ethical hacker Keren Elazari cited triple extortion as one of the ways ransomware groups are innovating in order to stay one step ahead of network defenders.