The Clop ransomware group posted student data online, such as grades and Social Security numbers, belonging to students of the University of Colorado. University of Miami patient data has also been leaked.
Threat actors affiliated with the Clop ransomware targeted the known flaws in Accellion FTA servers. Multiple state and private companies use these servers to share confidential files and information.
The ransomware gang demanded $10 million in bitcoin from the victims so that they would not publish the stolen data.
Since February, the Clop ransomware gang has been launching ransomware attacks exploiting vulnerabilities in Accellion FTA file-sharing servers, and in multiple cases stealing data, demanding ransoms, and publishing files.
To prove their point, Clop shared screenshots of files that belonged to the University of Miami and the University of Colorado. The screenshots of the stolen data included university financial documents, student grades, enrollment information, academic records, and students’ biographical information.
The University of Colorado (CU) confirmed that they suffered a cyberattack where threat actors stole data by exploiting the flaws in Accellion FTA.
“While the full scope has not yet been determined, early information from the forensic investigation confirms that the vulnerability was exploited and multiple data types may have been accessed, including CU Boulder and CU Denver student personally identifiable information, prospective student personally identifiable information, employee personally identifiable information, limited health and clinical data, and study and research data,” CU’s data breach notification stated.
While the University of Miami did not confirm a data breach, they shut down the secure file sharing service ‘SecureSend’ that they used. BleepingComputer found that the University’s SecureSend service also relied on an Accellion FTA server.
Meanwhile, the Clop ransomware gang published screenshots of data belonging to patients from the University of Miami’s health system. This data included demographic reports, medical records, and a spreadsheet with contact information.
Medical records leaked by Clop (BleepingComputer)
The University of Miami said in a statement that they are currently investigating a data security incident involving Accellion.
“As soon as we became aware of the incident, we took immediate action to investigate and contain it. We also retained leading cybersecurity experts to assist with our investigation. We have reported the incident to law enforcement and are cooperating with their investigation.” They said the incident was limited to the Accellion server and did not compromise other University of Miami systems.