The University of Oklahoma is currently addressing unusual cyber activity that was discovered on its network. The university, with more than 34,000 students, was mentioned on the leak site of a ransomware group, which claimed to have stolen 91 MB of data. The data reportedly includes sensitive employee information, financial details, and other types of data. Following the discovery, the university took swift action, isolating certain systems and launching an investigation to determine the extent of the breach and its cause. The school has not responded to further inquiries regarding the specifics of the incident, including which systems were affected or whether a ransom will be paid.
The ransomware group behind the attack is identified as Fog, which first appeared in May 2024. This group has previously targeted various higher education institutions, taking advantage of vulnerabilities such as compromised VPN credentials. According to experts, Fog has consistently used these credentials to access the networks of its victims, exploiting weaknesses in VPN gateway systems. The breach at the University of Oklahoma fits a pattern of ransomware attacks that have been increasingly aimed at the education sector, with Fog focusing primarily on U.S.-based institutions.
Ransomware gangs like Fog often capitalize on periods when IT teams are understaffed:
Ransomware gangs like Fog often capitalize on periods when IT teams are understaffed, such as during holidays or significant breaks in the academic calendar. In the case of the University of Oklahoma, the incident occurred shortly after the university experienced a snowstorm that led to the cancellation of in-person classes. This timing is significant, as many employees were working remotely, and the disruption could have potentially made it easier for the attackers to exploit vulnerabilities in the system. These types of attacks are not only disruptive but also place immense pressure on university IT departments, which are responsible for safeguarding large amounts of sensitive data.
While the University of Oklahoma has acted to mitigate the effects of the attack by isolating the compromised systems, the university has not disclosed further details about the breach, leaving the extent of the damage uncertain. Cybersecurity researchers have emphasized the growing trend of ransomware attacks targeting the education sector, with organizations such as Fog honing in on universities due to the perceived vulnerabilities in their networks. As investigations continue, experts caution that educational institutions must bolster their cybersecurity measures, especially when faced with evolving threats from sophisticated cybercriminals.
Reference:
