The intrusion was limited to one unit on campus — the Department of Physics and Astronomy — and MSU’s information technology teams took swift action to prevent further exposure, including taking the impacted servers and workstations offline and notifying law enforcement, the university said in a news release.
The university is in the process of identifying the information that was compromised and will begin notifying individuals who may be impacted by the intrusion in the coming days and weeks, MSU said.
“First and foremost, our priority is determining what information was compromised and then working with anyone who may have been affected to provide them with the appropriate support,” said MSU Chief Information Officer Melissa Woo. “The safety and security of our IT systems and the people who use them are of paramount importance to MSU. It is why MSU continues to work diligently to strengthen and improve our information security systems and share best practices with our campus community.”
Technology blog ZDNet reported last week that the operators of NetWalker ransomware, sometimes referred to as Mailto, announced they had infected the MSU network and gave university administrators a week to pay an undisclosed ransom demand to decrypt their files.
On May 27, a tweet appeared with screenshots of a directory structure from the university’s network, a passport scan for a student and two scans of the university’s financial documents, according to ZDNet.
ZDNet reports that the NetWalker hacker group is one of 12 ransomware gangs that manage “leak sites,” where they threaten to publish data stolen from companies that refuse to pay decryption fees.
MSU will not be paying the demanded ransom after taking guidance from law enforcement partners, the university said.
“It is important to remember that these are criminal acts being carried out by individuals seeking nothing more than an opportunity to earn a quick buck at any person or entity’s expense,” said Kelly Roudebush, chief of the MSU Police Department. “Paying cyberintrusion ransoms perpetuates these crimes and provides an opportunity for the group to live another day and prey upon another victim.”
MSU IT offered the following security tips when working online:
Being aware of the possibility of phishing emails
Creating effective passwords
Using two-factor password authentication on devices and accounts whenever possible
Deleting files and data when finished using them
Remember to apply patches and updates to systems as they become available, .
The full MSU release can be viewed here.
©2020 MLive.com, Walker, Mich. Distributed by Tribune Content Agency, LLC.
