Knox College president addresses ransomware incident as notorious group claims credit
SAMUEL LISEC Galesburg Register-Mail
GALESBURG — Hive Ransomware Group, an FBI-identified criminal organization, has claimed credit for ongoing "disruptions" to Knox College’s computer systems.
In an email sent to a number of Knox students on Wednesday, a group claiming to be Hive says it has encrypted “critical infrastructure and data,” compromised the college’s backup servers and mined sensitive personal information like medical records and social security numbers.
“In less than 24 hours, your data will be leaked on our site,” the email said. “Additionally all of your SSN and Medical records will be put for sale, for every hacker to gain access and use your data in whatever illegal activity they want.”
When asked by the Register-Mail, Knox College did not confirm whether the system disruptions were caused by Hive or whether they are as extensive as the email describes. It is also unclear how many people received the email.
Lisa Van Riper, the Knox College president of communications, acknowledged the message from Hive in an internal email to Knox faculty, staff and students on Wednesday.
“We know that some of you have received an email from the HIVE ransomware group,” Van Riper wrote. “Please do not respond to, forward, or click on any links in the email.”
C. Andrew McGadney, the president of Knox College, addressed the ongoing “ransomware incident” but did not name the Hive group in an email Thursday to the school’s community.
“While I know this disruption has caused considerable stress and inconvenience, our team has moved as fast as possible to secure our networks and systems, and while I know it may not seem so from a distance, we are making significant progress,” McGadney wrote.
McGadney wrote that the college’s team of “experienced cybersecurity experts” has been working around the clock to restore normal operations and has already restored wireless, cloud-based and safe Google Workspace applications, like Gmail and Google Drive.
“Our systems are being fortified and we are working to ensure that when we bring all services back online that we are stronger than ever before,” McGadney wrote.
“We are hearing many questions from members of the community and are doing our best to answer questions in a timely manner. Please keep in mind that our staff are, in many cases, working through time-consuming manual processes to keep our operations running while others are working to bring systems back online.”
A joint advisory issued by the United States FBI, Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services last month identified that Hive ransomware uses a “ransomware-as-a-service model in which developers create, maintain, and update the malware, and affiliates conduct the ransomware attacks.”
“As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US $100 million in ransom payments, according to FBI information,” the advisory said.
TechTarget reported on Monday that at least 5 out of 24 confirmed ransomware attacks in November targeted the education sector, including two incidents in which the Hive ransomware group leaked stolen information from Guilford College in North Carolina and from the Norman Public Schools District in Oklahoma.
Lincoln College, a private liberal arts college in Lincoln, Illinois, cited a December 2021 cyber attack as one of the reasons why the 157-year-old school closed permanently in May. The college said no personal information was exposed but systems required for recruitment, retention and fundraising efforts were inoperable until March 2022.
Various internal emails from Van Riper to the Knox community, sent since at least Nov. 26, request that faculty, staff, students and retirees reset passwords, set up two-factor authentication and turn in their college-owned devices to be scanned by the school’s ITS department.
The email advises people with questions about password resets or enabling two-factor authentication to contact the college’s help desk at [email protected] or call (309-341-7700) between the hours of 8 a.m. and 4:30 p.m.
McGadney’s email to the Knox community suggested that people review financial account statements for suspicious activity, get a copy of their credit report, consider placing a fraud alert on their credit report or issue a security freeze on their credit to prevent new credit from being opened in one’s name.
“We are still investigating to determine the scope of what happened and what information may have been involved in the incident,” McGadney wrote. “We are taking this matter very seriously and Knox is committed to protecting the privacy of all data in its possession. Should it be necessary, notification will be made and support will be made available for members of the Knox community.”
The email sent by Hive claims that the group has been engaged in “negotiations” with Knox College’s security experts, during which the ransomware group provided proof that it “exfiltrated tons of data” and that only Hive can decrypt the school’s files.
“They had the chance to resolve the situation, and preventing a massive leak of your sensitive data, but instead they decided to let inexperienced and foolish so called ‘experts’ cause you a huge damage,” the Hive email said. “Well done to Knox Management and the noob security experts helping them.”