Clop Ransomware Group Publishes Documents of Universities of Maryland, California

Clop Ransomware Group Publishes Documents of Universities of Maryland, California

On March 29, following attacks and ransom demands, the Clop ransomware group began publishing screenshots of data allegedly stolen from two US educational institutions. 

The gang posted financial documents and passport information they had previously stolen from the University of Maryland and the University of California in ransomware attacks. 

The published records belonging to the University of Maryland (UMD), show a federal tax document, requests for tuition remission, an application for the Board of Nursing, passports, and tax summaries.

Among leaked data, there was sensitive information including photos and names of individuals, home addresses, dates of birth, Social Security numbers, passport numbers, and immigration status. 

Sensitive information has been redacted

The hacker group also published screenshots of data belonging to the University of California (UC). The screenshots show names of individuals, Social Security numbers, retirement documentation, 2019/2020 benefit adjustment requests, late enrollment benefit application forms for employees, and enrollment requests for the UCPath Blue Shield health savings plan. 


Clop has been employing a ‘double-extortion’ tactic and was linked to a series of cyberattacks against businesses. 

Cybercriminals previously threatened the above Universities to make stolen sensitive data public unless their ransom demands are met.

Ransomware attacks spiked in 2020 with several universities attacked, mostly in the US and UK.

Earlier in March, the Clop group leaked data belonging to the University of Miami and Colorado. Last week, the REvil ransomware group published financial data from tech giant Acer and made the biggest ransomware demand to date of $50 million. Acer did not confirm that a ransomware attack took place, only reported IT “abnormalities.” This is despite the fact that to prove they’ve hacked Acer’s systems, the ransomware gang published various Acer documents. The documents included financial spreadsheets, bank communications, and bank balances. 

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.