[ad_1]
The PEAR hacking group, short for “Pure Extraction and Ransom,” has claimed responsibility for a major cyberattack targeting Monmouth University. According to the group, it infiltrated the university’s servers earlier this month and exfiltrated approximately 16 terabytes of sensitive data.
Unlike traditional ransomware attacks, PEAR stated that it chose not to encrypt the stolen data. The group argued that encryption has become less effective in recent years, as advances in automated tools have enabled authorities to develop decryption keys more quickly. Instead, the group appears to be focusing solely on data theft and extortion.
University President Patrick Leahy confirmed the incident in an email sent to students and staff. He noted that law enforcement agencies have been notified and that an external cybersecurity firm has been engaged to investigate the breach and assess its impact.
The incident was first reported by Comparitech, a UK-based technology research organization. In its analysis, Comparitech highlighted a growing trend among cybercriminal groups toward “double extortion,” where attackers steal data and threaten to release it unless a ransom is paid, rather than relying on encryption alone.
Rebecca Moody, head of research at Comparitech, emphasized the scale of the breach, stating that the 16TB of stolen data is roughly 28 times larger than the average data theft observed in cyberattacks. She also warned that combating cybercrime is becoming increasingly difficult, particularly with the rise of AI-driven tools that can rapidly generate sophisticated malware.
Meanwhile, the PEAR group claims to have targeted 64 organizations so far. Of these, only 13 have publicly confirmed data breaches, including two community colleges. The incident underscores the evolving tactics of cybercriminals and the growing challenges institutions face in safeguarding digital assets.
Taking proactive security measures is the only solution to curb this digital crime. And in case, if crime takes place, paying criminals is a strict NO as per the law enforcement. Instead inform the authorities as it helps in nabbing the criminals before they could transform themselves into a bigger crime groups like LockBit, Lazarus and such.
Join our LinkedIn group Information Security Community!
[ad_2]
