The operators of the NetWalker (Mailto) ransomware have announced today that they’ve infected the network of Michigan State University (MSU).
The ransomware gang has given MSU administrators a week to pay an undisclosed ransom demand to decrypt their files, reports ZDNet.
In case MSU officials refuse to pay or choose to restore from backups, the ransomware gang is prepared to leak documents stolen from the university’s network on a special website the group is operating on the dark web.
NetWalker operators have already published five images on the site to support their claims. These include two images showing a directory structure allegedly from the university’s network, a passport scan for a student, and two scans of Michigan State financial documents.
The NetWalker group is one of the 12 ransomware gangs that manage “leak sites” where they threaten to publish data in revenge against companies that refuse to pay the file decryption fees.
Past victims of the NetWalker group include Australian shipping giant Toll and the government network of Austrian city Weiz.
The damage on MSU’s internet IT network is unclear, as students and most employees have been sent home due to the coronavirus (COVID-19) pandemic, and internal systems may not impact the university’s ability to hold virtual classes.
An MSU spokesperson did not return a request for comment seeking additional details.
Researchers have found hackers are increasingly targeting university students and staff members through phishing emails during the coronavirus crisis. In April, a ransomware attack shut down the servers of Illinois Valley Community College.
Here’s how a professor of computer science at Columbia University says you can protect university students and faculty from phishing scams.