The University of Utah has become the latest victim of a ransomware attack to pay those behind the attack to resolve the matter, a decision that security researchers claim only encourages future attacks.

The university’s College of Social and Behavioral Science was targeted by an unnamed form of ransomware July 19 that is described as rending its servers as being temporarily inaccessible. According to a statement from the university, the attack affected only 0.02% of data on the targeted servers but that data included employee and student information.

Any data being accessed and stolen is always bad, but then it just gets weird. By the university’s own account, it managed to restore the encrypted data using backup copies and it advised students, staff and faculty to change their passwords as a precaution. But then it paid the ransom anyway.

The equivalent of $457,059.24 in cryptocurrency was said to have been paid with support of a cyber insurance provider “as a proactive and preventive step to ensure information was not released on the internet.” The university paid for part of the ransom while the cyber insurance company paid the other part. “No tuition, grant, donation, state or taxpayer funds were used to pay the ransom,” the university added.

Arguably it’s one thing to pay a ransom to gain access to critical information that has been encrypted and not backed up. It is an entirely different level of stupidity to pay a ransom to cybercriminals on the belief that it will prompt them delete the stolen data.

“The decision to pay a fairly important ransom will likely bolster sophisticated attacks against U.S. universities that are already surging,” Ilia Kolochenko, founder and chief executive officer of security company ImmuniWeb, told SiliconANGLE. “Numerous examples from the past convincingly demonstrate that hackers will not necessarily honor their nebulous promises and release the data even after being fully paid.”

Worse, he added, “given the division of labor and collaboration between different gangs on the global cybercrime market, the gang behind the ransomware attack is usually not the only one with access to the stolen data. Thus, by accepting a payment from the victim, they have no factual means to guarantee that their accomplices won’t suddenly leak the data for fun or for profit.”

Photo: Zaui/Wikimedia Commons