Data From These Two Universities Stolen and Published Online by Clop Ransomware Group

The Clop ransomware group has officially published online the grades and social security numbers for students at the University of Colorado and the University of Miami. 

From December, threat agents related to the Clop Ransomware Group had started to attack Accellion FTA servers and steal the data stored on their servers. These servers are used by companies to exchange confidential files and information with non-organizational people. The ransomware gang approached the companies and asked for $10 million in bitcoins and if the demand is not fulfilled then they would publish the stolen information on the internet. 

Since February, the team of Clop Ransomware has started to publish the compromised files that were stolen due to the flaws in the Accellion FTA file-sharing servers. Later this week the Clop Ransomware Gang began posting screenshots of compromised files from the Accellion FTA server that is used by Miami University and Colorado University. In February, Colorado University (CU) revealed a cyberattack that mentioned that the threat actors had stolen data through a vulnerability of Accellion FTA. 

The actors behind the Clop ransomware have started to post compromised data screenshots, including university files, university grades, academic records, registration details, and biographical information of students. 

While the University of Miami did not report any data breach, it used a protected ‘SecureSend’ file sharing program that had since been shut down. “Please be advised that the secure email application SecureSend (secure.send.miami.edu) is currently unavailable, and data shared using SecureSend is not accessible,” reads the University’s SecureSend page. 

Although the University of Miami never confirmed a security incident, still screenshots of patient information were released by the Clop ransomware operation. This information covers medical history, demographic analyses, and telephone numbers and email addresses. The data supposedly robbed from the University of Miami belongs to the patients of the health system of the University. 

“While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats. We continue to serve our University community consistent with our commitment to education, research, innovation, and service,” the University of Miami wrote. 

The ransomware gang has only published few screenshots at this time but is likely to release more documents to force victims to pay in the future.