Cybercriminals forced class cancellations, limited access to critical staff systems, and exposed sensitive information of thousands of students at a New Mexico university, and an Oklahoma school continued to evaluate damage caused by a ransomware gang.
New Mexico Highlands University (NMHU) said she was forced to cancel all classes until this weekend after initially reporting an incident on April 3. Cancellations began that day and affected the public university campuses in Albuquerque, Rio Rancho, Santa Fe and Farmington.
NMHU initially said the campus police switchboard and police stations — where students can report emergencies — were not working. The school had to provide alternate telephone numbers in case of emergency.
The school said that on April 5, the cybersecurity company it hired to deal with the network outage confirmed it was a ransomware attack. Faculty and staff salaries were also affected by the incident.
The school said responders told it it was “one of several public entities recently attacked,” but university spokesman David Lepre. said the Albuquerque Journal that they were not informed of other New Mexico institutions affected by the recent attacks.
“We are still working to determine the true extent of the attack,” the school said. “To this end, ITS began installing software on university computers to facilitate the investigation. This software is strictly restricted and only monitors malicious activities.
The FBI and several state law enforcement agencies are involved in the response, he added.
On Tuesday, the school — which serves about 4,000 students — said phones on campus had been restored but internet and VPN connectivity were still down. NMHU has established centers on campus to help employees with payroll and other actions that cannot be accomplished without the school network.
The school was already attacked by an anonymous ransomware gang in 2019, causing similar technology outages for nearly two weeks.
New Mexico institutions have faced a barrage of ransomware attacks in recent years, including several K-12 schools across the state, hospitalsAnd several counties — including one who was attacked twice over the last two years.
The attacks prompted Governor Michelle Lujan Grisham to issue a decree last week, demanding comprehensive action to strengthen cybersecurity measures at state agencies. The order directs the Department of Information Technology (DoIT) to conduct comprehensive information technology and security assessments of state agencies to detect vulnerabilities and strengthen defenses as necessary. The order also “encourages all public agencies not subject to the order to voluntarily comply with its rules, standards, and requirements.”
“Cybersecurity is not just a technology issue; it’s a matter of public safety and national security,” Grisham said.
New Mexico is also one of the few states pass bills providing funding for cybersecurity training and ransomware response tools.
BlackSuit ransomware attack in Oklahoma
East Central University in Ada, Oklahoma, announced this week that it is investigating a ransomware attack that occurred in February.
The liberated school several notice claiming that although the attack was largely unsuccessful – destroying only a few campus computers – the hackers were still able to access significant amounts of student information, including Social Security numbers.
The notices also explicitly mention that the school was attacked by the BlackSuit ransomware gang – A change brand of the Royal ransomware group which launched the devastating attack on the city of Dallas.
“East Central University suffered a directed attack from a cybercriminal group and malware known as BlackSuit. Although the criminals were not successful in taking down ECU’s essential services, they were able to carry out a successful attack on various campus computers,” the school told students.
“The extent and scale of the data involved on the attacked servers is still under investigation, but at this time there is no evidence that any information was recovered. However, this week we determined that a number of individual names and Social Security numbers may have been accessible to the criminal group – although we have no confirmation that they were actually accessed, let alone taken , we provide this notice as we continue. investigate.”
The school’s IT team worked with a cybersecurity company to stop the attack, reset passwords and answer any questions students and faculty might have.
They still don’t know how the ransomware group got into the school’s systems, but noted that they “saw an increase in spam/malicious emails in the days leading up to the attacks.”
Several ransomware experts said the number of attacks on universities, colleges and other post-secondary schools in the United States was slightly lower than last year at the same time.
Emsisoft threat analyst Brett Callow said his team has tracked 14 attacks on US colleges and universities so far this year, while Recorded Future ransomware expert Allan Liska said that its data also showed a slight drop in the number of attacks targeting post-secondary schools this year.
Emsisoft follow up at least 72 US-based postsecondary schools hit by ransomware in 2023.
Future saved
Intelligence cloud.