Hackers hijacked a Virginia university\u2019s emergency alerts system this week and, in what appears to be a first, used it to issue threats to students and faculty: The university must pay up or their files would be leaked online.
In a series of messages sent over Bluefield University\u2019s RamAlert, which sends text messages and emails to students and faculty when there\u2019s a school emergency, hackers pushed university members to put pressure on the school\u2019s president.
\u201cWe have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog,\u201d the alerts said.
\u201cif we don\u2019t receive payment, full data leak will be published!!!!!!!!\u201d the message added.
Bluefield University, a small, private university on the border of Virginia and West Virginia, is among the long and growing list of U.S. institutions hit by ransomware hackers, who break into computer systems to then encrypt or threaten to leak files if they are not paid. The school learned of the cyberattack on their systems on Sunday, a Bluefield University spokesperson told NBC News.
On Monday, RamAlert sent out the hackers\u2019 screed, telling students that their information would be published if the school didn\u2019t pay a ransom. The messages from the hackers showed up on Bluefield students\u2019 and teachers\u2019 phones and in their emails, saying they had stolen school files and instructing them to pressure the university\u2019s president to pay the hackers.
\u201cWe don\u2019t normally get alerts unless it\u2019s about something going on, on campus such as shooter drills, classes canceled due to weather,\u201d Michaela Rose, a Bluefield University student who received the hackers\u2019 messages, told NBC News in a Facebook conversation.
\u201cWe are all pretty stressed and worried about the situation due to we don\u2019t know exactly all the details and what\u2019s really going on,\u201d she said.
In pursuit of payment, many hacking groups have become more aggressive in pressuring institutions by taking their appeals directly to people whose files are stolen. In at least one instance, hackers who attacked a Tennessee college emailed students directly, threatening them if their school didn\u2019t pay. In another, hackers who accessed extremely sensitive files of schoolchildren in Minneapolis advertised their exploits on Facebook and Twitter.
Ransomware attacks have become a near-constant scourge, targeting schools, companies and government bodies across the U.S. But Bluefield\u2019s hackers appear to be the first to use an emergency alert system to pressure a victim, said Brett Callow, an analyst at the cybersecurity company Emsisoft.
Ransomware hackers tend to use whatever tools are at their disposal to coerce victims, including encrypting their computer files, publishing stolen information on their websites and promoting their crimes.
NBC News is not naming the hacker group. School information was not published on the group\u2019s website as of Wednesday morning, though ransomware gangs frequently publish, remove and republish victims\u2019 data on their sites.
Bluefield is currently advising students and faculty to not send emails from their school accounts. The university spokesperson declined to comment on whether the school was considering paying the hackers.
Ransomware hackers are rarely publicly identified and often live outside of direct reach of U.S. law enforcement. The hacker group named in the text messages sent to Bluefield students and faculty is one that primarily speaks Russian in underground forums, said Allan Liska, a ransomware expert at the cybersecurity company Recorded Future.
Schools, which rarely invest heavily in cybersecurity, are frequent targets for ransomware hackers, even though many don\u2019t have major funds to pay their attackers. Last year, Lincoln College in Illinois became the first American college to shut down after having difficulty bouncing back from a ransomware attack.
At least 44 American colleges and universities were attacked with ransomware last year, said Callow, the Emsisoft analyst.
This week, which is finals week for many schools, the attacks are even more severe. Ransomware groups have named five other American colleges as victims since Monday, Callow said.
Bluefield, which was supposed to begin its finals on Monday, started them on Tuesday instead.<\/p>\n\n\n\n