Michigan State University Targeted by Ransomware Attack
Michigan State University (MSU), one of the US’ oldest educational institutions, was recently infected by the NetWalker ransomware. The NetWalker group is notorious for managing “leak sites,” special websites operated on the dark web where hackers threaten to leak data if victims do not comply with their ransom demands through a timely payment. Sometimes labeled as “Mailto,” the NetWalker ransomware is designed to target enterprise (organization) networks rather than individual users.
The NetWalker operators are threatening to leak documents stolen from the university’s network on the dark web unless MSU administrators pay a ransom to decrypt their files. The ransomware group has given MSU administrators a week to pay the ransom and has already leaked five images stolen from the university’s website on the dark web, including a directory structure, a student’s passport scan, and two scans of Michigan State financial documents.
This ransomware group is taking advantage of the COVID-19 crisis by spreading the NetWalker “Mailto” ransomware through Word or Excel files in COVID-19 related phishing attempts. The ransomware has also been found to disguise itself as the legitimate password management app, Sticky Password.
This group is known to use phishing or password-spraying attacks to gain access to a network. Password spraying is a style of brute-force attack that threat actors use to access a large number of accounts without being detected. Attackers attempt to infiltrate several accounts at once by testing a single commonly used password against all of them before moving on to another password. After compromising the network through phishing or password spraying, the NetWalker threat actors use compromised email accounts to send more phishing emails internally in order to gain access to more sensitive information.
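The spraying pattern described above (one source, many accounts, few tries per account) can be detected in authentication logs. The following is an added example, not part of the original article; the log format, thresholds, and function names are assumptions, and the log lines are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2020-06-01T09:00:01 203.0.113.7 alice FAIL
2020-06-01T09:00:03 203.0.113.7 bob FAIL
2020-06-01T09:00:05 203.0.113.7 carol FAIL
2020-06-01T09:00:07 203.0.113.7 dave FAIL
2020-06-01T09:00:09 203.0.113.7 erin FAIL
2020-06-01T09:00:11 203.0.113.7 erin OK
2020-06-01T09:01:00 198.51.100.4 frank FAIL
2020-06-01T09:01:02 198.51.100.4 frank FAIL
2020-06-01T09:01:04 198.51.100.4 frank FAIL
2020-06-01T09:02:00 192.0.2.9 grace FAIL
2020-06-01T09:02:30 192.0.2.9 grace OK
"""

def parse(log_text):
    """Yield (time, source, account, result) tuples from the log text."""
    for line in log_text.splitlines():
        ts, src, user, result = line.split()
        yield datetime.fromisoformat(ts), src, user, result

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Return {source: accounts} for sources whose failures inside one
    window hit many accounts with only a few tries against each."""
    failures = defaultdict(list)
    for ts, src, user, result in parse(log_text):
        if result == "FAIL":
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_account = Counter(user for _, user in events[start:end + 1])
            if len(per_account) >= min_accounts and max(per_account.values()) <= max_per_account:
                flagged[src] = sorted(per_account)
                break
    return flagged

def compromised_candidates(log_text, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return sorted({u for _, s, u, r in parse(log_text) if r == "OK" and s in flagged})
```

Repeated failures against a single account (the `frank` lines) are deliberately not flagged here, since ordinary lockout policies already catch them; any account returned by `compromised_candidates` is a candidate for a forced password reset and mailbox review.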