PA: Ransomware group claims to have hit Mercyhurst University
You may need to add Mercyhurst University in Pennsylvania to any list of post-secondary educational entities hit by ransomware.
SuspectFile notes that the university has not confirmed any breach and LockBit has not posted any proof (yet?). But SuspectFile notes the irony that one month after one of the university’s four colleges participated in Cyber Impact 2022 and patted themselves on the back for their work in cybersecurity, the university seems to have been hit.
As of this morning, there is no statement on the university’s website or Twitter account about any breach. LockBit’s listing claims that it will publish “all data” (which they claim is 300 GB) in a little more than 5 days from now.
Readers may remember that Pennsylvania recently passed a Senate bill prohibiting the use of taxpayer funds to pay any ransom unless the governor approved it. Because the university is a private university, that prohibition would not apply.
May 22 Update: See SuspectFile’s update. It seems the listing on LockBit has been removed, which might mean that the university paid or is negotiating payment, but may also mean that the threat actors are being uploading data for that listing, as it is now 5 days from when they gave a five day deadline.