Stanford University Pwned By Akira

Late last week, Stanford University issued a statement confirming a cyber incident affecting the Department of Public Safety after screenshots of the listing were shared on the web.

The Akira ransomware gang claims to be in possession of 430GB of private information and confidential documents and is threatening to leak the information online if Stanford doesn’t pay the unspecified ransom.

“Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies. The impacted SUDPS system has been secured,” said the statement. 

Stanford said the incident was related to another cybersecurity episode that occurred earlier this month when hackers had breached the University’s Department of Public Safety’s firewall. Also, earlier this year, the University was impacted by two other significant cybersecurity issues: one in February due to a system malfunction and another in April involving third-party software. 

Craig Harber, Security Evangelist at Open Systems, had this to say:

   “This cyber incident may be related to several other events at Stanford University this year, including a reported breach of the University’s Department of Public Safety firewall and another incident involving third-party software. These prior incidents could indicate a stealthy campaign by the hacker to remain hidden while they covertly discover and collect sensitive information. This time between the attacker’s initial penetration and the point that the security team figures out the attacker is there is known as dwell time. Industry surveys have shown dwell time ranging from a best case of a couple of minutes to a worst case of hundreds of days. This is an eternity for cybercriminals. It’s putting pressure on security teams to do more to detect and respond to threats in real time.”

The Akira ransomware group has been busy. I have written about them here, here, here, and here. And I fully expect to be writing about them in the future as they are starting to rival the usual ransomware suspects. And that’s bad for all of us.
