In a distressing move to safeguard the sensitive information of approximately 28,000 individuals, Hawaiʻi Community College confirmed paying a ransom to the NoEscape ransomware gang.
The threat actors had threatened to publish 65 GB of stolen data if the ransom wasn’t paid, prompting the college to take decisive action. With cybercriminals increasingly resorting to data leaks as leverage, the university’s decision aimed to protect its students’ personal data, even though paying ransoms doesn’t always guarantee the promised destruction of data.
To ensure the future security of their IT infrastructure, the University of Hawaiʻi is working with all ten campuses and IT system administrators to address potential vulnerabilities and implement additional security measures.
Despite the ransom payment leading to the removal of the college’s entry from the data leak site, ongoing vigilance is necessary as there’s always a risk that data might be exposed or the attackers might resurface. Students and staff are urged to take precautions, such as monitoring credit reports, changing passwords, and being cautious with suspicious emails, to mitigate any potential consequences of the attack.
The NoEscape ransomware operation, known for its double-extortion tactics, targeted both Windows and Linux systems, demanding ransoms as high as $10 million. It shares striking similarities with the Avaddon encryptor, leading experts to speculate that NoEscape could be a rebranded version of the now-defunct Avaddon ransomware.
As the aftermath of the cyber attack unfolds, Hawaiʻi Community College is focused on restoring its IT infrastructure and ensuring its students’ data is protected from further threats.
