View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
July 26, 2023updated 27 Jul 2023 10:22am

Cyberattack on University of West Scotland claimed by Rhysida ransomware gang

The gang has claimed responsibility for the breach, and says it has stolen data that it is auctioning off for 20 Bitcoin.

By Claudia Glover

Data supposedly stolen from The University of West Scotland (UWS) has been put up for auction on ransomware gang Rhysida’s dark web victim blog, hinting that the university has refused to cooperate with the group’s demands for payment. UWS admitted to experiencing system issues earlier this month attributing the disturbance to a “cyber incident”. 

The Rhysida ransomware gang derives its name from a species of millipede. (Photo by Jitender Kumarj/Shutterstock)

The gang is demanding 20 bitcoin (£452,640) for the data, and says it will be sold to the highest bidder.

University of West Scotland cyberattack claimed by Rhysida ransomware gang

UWS announced it suffered the attack on 7 July, enlisting the help of the National Cybersecurity Centre (NCSC) as well as the Scottish government to deal with the incident. A spokesperson for the university told the BBC at the time that it was “experiencing an ongoing cyber incident which is currently affecting a number of digital systems”.

No criminal group initially came forward to claim responsibility, but today Rhysida said it was behind the breach and is auctioning off the data it took in the breach.

Deriving its name from a species of millipede, the gang was first spotted in May of this year when it launched attacks on the Chilean Army, as well as multiple organisations across the public and private sectors around the world.

The fact that the UWS data has now been posted to the gang’s blog implies that it has opted not to pay a ransom, in line with NCSC guidelines. Ransomware gangs will often threaten to publish or sell sensitive data, stolen from a victim, to the dark web to pressure them into paying, alongside offering to supply a decryption key for their encrypted systems. This is called double extortion.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Tech Monitor has contacted the University of West Scotland for comment on the cyberattack, and whether it has received or paid a ransom demand.

Cyberattacks on universities in the UK

Universities in the UK and Ireland have been frequent targets for ransomware groups. In February, the BlackCat gang attacked the University of Munster in Ireland, leading to sensitive data being published on the dark web. 

The university first detected strange behaviour on its systems on 5 February, causing it to shut down for several days. Five days later, BlackCat delivered a ransom demand that MTU says it has refused to pay.

In June, the University of Manchester was also attacked. Patrick Hackett, the university’s chief operating officer, said at the time: “It has been confirmed that some of our systems have been accessed by an unauthorised party and data has likely been copied. Our in-house experts and external support are working around the clock to resolve this incident, and to understand what data have been accessed.” 

Universities are often targeted by ransomware gangs. According to a report by Sophos released today, 79% of IT leaders in higher education providers surveyed admitted to being hit by ransomware in the past year, a dramatic increase from 64% in 2022. Of the attacks, 40% of them are due to exploited vulnerabilities, 37% to compromised credentials and 12% to malicious emails. 

According to the research, which polled a sample of 400 higher education tech executives, only 16% of universities consider themselves to be well-protected, while 73% feel that “there is more to be done”. Despite staffing issues, however, the overall cost of a data breach in an institute of higher education has gone down, from £1.42m last year to £1.06m in 2023, Sophos says.

Read more: Thales boosts cybersecurity offering with $3.6bn Imperva purchase

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.