SALT LAKE CITY — The University of Utah's College of Social and Behavioral Sciences was the target of a criminal ransomware attack in July, the university announced Thursday, which the school ultimately resolved by paying the hackers nearly half a million dollars.
The attack occurred on Sunday, July 19, the U. said in a news release. It affected about .02% of the data on the college's servers, including employee and student information, according to the university.
"The university notified appropriate law enforcement entities," the release says, "and the university’s Information Security Office (ISO) investigated and resolved the incident in consultation with an external firm that specializes in responding to ransomware attacks."
A ransomware attack occurs when a hacker gains access to a system and then encrypts a victim's files so they become inaccessible. The hacker then demands a ransom to restore user access to files, and sometimes — as in this instance — threatens to leak sensitive information onto the internet if the ransom isn't paid.
That's why the university opted to pay the ransom, it said, "as a proactive and preventive step to ensure information was not released on the internet."
The university paid $457,059.24 to prevent the release. College data was restored from system backups.
"The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder," the U. wrote. "No tuition, grant, donation, state or taxpayer funds were used to pay the ransom."
Students and faculty were directed to change their university passwords on July 29. The university encourages them to "continue to use strong passwords, change them at regular intervals and use two-factor authentication" to prevent security incidents in the future. While the university says it is constantly monitoring for security threats, its "decentralized nature and complex computing needs" still present vulnerabilities.
The university is working to centralize college data to address these problems, it said.