- The University of the West of Scotland had private data stolen in a cyber attack
- The criminals have threatened to sell the data on dark web unless paid £450,000
Criminals behind a cyber attack on a Scots university say they will sell confidential data on the ‘dark web’ unless they are paid £450,000.
The gang is demanding the ransom after stealing files, which include personal staff details, from the University of the West of Scotland (UwS).
If the sum is not paid, it says it will sell the data to the highest bidder via its ‘dark web portal’.
Police Scotland last night confirmed it was investigating a ‘report of a cyber incident’ in Paisley on July 3 and that inquiries were ongoing.
The attack has prompted warnings of the ‘growing challenge’ of cyber attacks, which have seen companies and institutions all over the world targeted by hackers.
It is believed that the group responsible for the attack on UwS is a ransomware gang called Rhysida, which also recently hacked the Chilean Army.
It has added the university, which also had several of its digital systems damaged by the attack, to its ‘victim list’.
The gang’s dark web domain holds personal data belonging to staff such as bank details and national insurance numbers, as well as internal university documents.
The university data is on sale for 20 Bitcoin, the equivalent of £450,000, and a message states: ‘With just seven days on the clock, seize the opportunity to bid on exclusive, unique and impressive data. Leave your mail and comment. We cannot answer if your price looks like a joke.’
It is the latest major cyber attack to hit Scotland, with car dealer Arnold Clark and the Scottish Environment Protection Agency (Sepa) both hit by similar ‘ransomware’ attacks in recent years.
Arnold Clark customers had information including addresses, passports and national insurance numbers leaked on the dark web by criminal gang Play.
Sepa was targeted in December 2020, when it had more than 4,000 digital files stolen after a similar cyber attack that cost it £5.5million.
When a call was made to the UwS yesterday – more than three weeks after the attack – a call handler said they were unable to transfer calls as the systems were still down.
They were also telling people awaiting email responses ‘to wait it out as not everyone has their laptops back’.
The university confirmed the breach had ‘affected a number of digital systems’ and ‘some staff data was accessed’.
It said all ‘appropriate steps’ were being taken to manage the situation and that it was working closely with the police, the National Cyber Security Centre and the Scottish Government.
A spokesman added: ‘We have also reported the incident to the Information Commissioner. Our priority remains to ensure our university community and partners continue to be informed and supported, while we work with law enforcement agencies as part of the criminal investigation.’
READ MORE: Massive cyber attack on thousands of firms including BA and Boots sees bank and contact details exposed to hackers in huge security scare
Cyber security analyst Abrar Khan, from Aberdeen-based TechForce, said he believed one of the major issues was people’s lack of technical knowledge.
He said: ‘Everyone uses smartphones and everything is online but not everyone is so technical. Everyone is dealing with it [technology] in their daily lives. Criminals will take advantage of that and this is a growing challenge.’
He said ‘no amount of money spent on security’ will prevent attacks unless people learn how to protect their devices.
‘People should, if they are holding a device, know how to protect it,’ he said.
But while Mr Khan admitted that cyber crime was a growing problem, he said: ‘I think the UK is dealing with it better than a lot of other countries. The UK is more proactive, rather than reactive.’
Rhysida was first observed in May and is understood to have targeted a number of organisations worldwide, including the Chilean Army.
According to cyber security website SentinelOne, the gang claims it is doing its victims a favour by targeting their systems and highlighting flaws with their online security.
A spokesman for the National Cyber Security Centre said: ‘We are supporting the university.
‘The NCSC is committed to helping organisations manage their cyber security and publishes a range of expert advice and guidance.’
The Scottish Government said it was aware the university was investigating an IT security incident and that support was being provided.