Avos Ransomware Gang Hijacks Bluefield's Emergency System
Ransomware Gang Hijacks College's Emergency Broadcast System to Threaten Students
Cybercriminals took hold of Bluefield University's emergency broadcast system to send SMS messages and emails to students and staff.
By
Lucas Ropek
PublishedMay 4, 2023
Comments (1)
Alerts
Image for article titled Ransomware Gang Hijacks College's Emergency Broadcast System to Threaten Students
Photo: Tomas Nevesely (Shutterstock)
Colleges and schools are a big target for cybercriminals, so the fact that a ransomware gang hacked a university in Virginia last month isn’t exactly surprising. What is surprising is what the ransomware gang did next. In a bold move, the gang hijacked the school’s emergency communications system, using it to spam students and faculty with threatening SMS messages and boast about its recent hacking victory.
The unfortunate victim in this case—Bluefield University—is a private Baptist university located in Western Virginia. On April 30th, Bluefield disclosed to the students and faculty that it had been hacked but claimed that it didn’t yet see any evidence of “financial fraud or identity theft” as a result of the incident. Not to be outdone, the gang responsible for the hack—a group known as “Avos” (or “AvosLocker”)—decided to put its two cents in.
Related Content
Teenage Cybercrime Gang LAPSUS$ Strikes Again
0:00 / 0:55
CC
Share
Teenage Cybercrime Gang LAPSUS$ Strikes Again
60-Member Ransomware Task Force Has a Plan to Crack Down on Ransomware Criminals
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
On May 1st, about a day after Bluefield disclosed the hacking episode, Avos apparently used its access to the school’s network to take control of its emergency broadcast system. Bluefield uses a system dubbed “RamAlert,” which it describes as a “wireless emergency notification system created in an effort to enhance communication to students, parents, faculty, and staff during times of crisis on campus.” During the recent crisis that was the Avos ransomware attack, it wasn’t administrators who were in control of the system but the hackers—who used it to notify students and faculty alike that the university’s network had officially been pwned and its data stolen. A message sent out to campus-goers read:
“Hello students of Bluefield University! We’re Avoslocker Ransomwar. We hacked the university network to exfiltrate 1.2 TB files...We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”
“DO NOT ALLOW the University to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT (2:00:00 PM)“
The gang also said it would “continue attacking [the school] if BU’s president does not pay.”
Following the incident, Bluefield released another statement acknowledging that Avos had “impacted our mass alert system, RAMAlert” and warning students not to “click on any links provided by the individual or respond.”
This is a pretty unusual turn of events and a fairly theatrical move on the part of the Avos ransomware gang. Clearly it was a move designed to intimidate school administrators and cow them into giving in to the gang’s demands.
MORE FROM GIZMODO
ChatGPT Is Powered by Human Contractors Getting Paid $15 Per Hour
Microsoft's CEO Says No Raises for Full-Time Employees This Year
Mosquitoes Have Mixed Feelings About Soap, Study Finds
Robert Rodriguez Made a New Sci-Fi Movie Starring Ben Affleck. Seriously.
You could say it’s part of a broader pattern in which ransomware gangs have been growing bolder and more creative with how they execute attacks. More and more, gangs seem to be finding new ways to intimidate victims, in an effort to extract a successful ransom payment. Another example of this is a recent attack on the Minneapolis Public School system in which a gang leaked sensitive student psychological data to the web and aggressively promoted the material on traditional social media channels. Like the Bluefield incident, that one showed gangs using whatever was at their disposal to make paying the gang seem like an appealing option.
Cybercriminals took hold of Bluefield University's emergency broadcast system to send SMS messages and emails to students and staff.
By
Lucas Ropek
PublishedMay 4, 2023
Comments (1)
Alerts
Image for article titled Ransomware Gang Hijacks College's Emergency Broadcast System to Threaten Students
Photo: Tomas Nevesely (Shutterstock)
Colleges and schools are a big target for cybercriminals, so the fact that a ransomware gang hacked a university in Virginia last month isn’t exactly surprising. What is surprising is what the ransomware gang did next. In a bold move, the gang hijacked the school’s emergency communications system, using it to spam students and faculty with threatening SMS messages and boast about its recent hacking victory.
The unfortunate victim in this case—Bluefield University—is a private Baptist university located in Western Virginia. On April 30th, Bluefield disclosed to the students and faculty that it had been hacked but claimed that it didn’t yet see any evidence of “financial fraud or identity theft” as a result of the incident. Not to be outdone, the gang responsible for the hack—a group known as “Avos” (or “AvosLocker”)—decided to put its two cents in.
Related Content
Teenage Cybercrime Gang LAPSUS$ Strikes Again
0:00 / 0:55
CC
Share
Teenage Cybercrime Gang LAPSUS$ Strikes Again
60-Member Ransomware Task Force Has a Plan to Crack Down on Ransomware Criminals
2021's First Big Ransomware Gang Launches Sleek and Bigoted 'Leak' Site
On May 1st, about a day after Bluefield disclosed the hacking episode, Avos apparently used its access to the school’s network to take control of its emergency broadcast system. Bluefield uses a system dubbed “RamAlert,” which it describes as a “wireless emergency notification system created in an effort to enhance communication to students, parents, faculty, and staff during times of crisis on campus.” During the recent crisis that was the Avos ransomware attack, it wasn’t administrators who were in control of the system but the hackers—who used it to notify students and faculty alike that the university’s network had officially been pwned and its data stolen. A message sent out to campus-goers read:
“Hello students of Bluefield University! We’re Avoslocker Ransomwar. We hacked the university network to exfiltrate 1.2 TB files...We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”
“DO NOT ALLOW the University to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT (2:00:00 PM)“
The gang also said it would “continue attacking [the school] if BU’s president does not pay.”
Following the incident, Bluefield released another statement acknowledging that Avos had “impacted our mass alert system, RAMAlert” and warning students not to “click on any links provided by the individual or respond.”
This is a pretty unusual turn of events and a fairly theatrical move on the part of the Avos ransomware gang. Clearly it was a move designed to intimidate school administrators and cow them into giving in to the gang’s demands.
MORE FROM GIZMODO
ChatGPT Is Powered by Human Contractors Getting Paid $15 Per Hour
Microsoft's CEO Says No Raises for Full-Time Employees This Year
Mosquitoes Have Mixed Feelings About Soap, Study Finds
Robert Rodriguez Made a New Sci-Fi Movie Starring Ben Affleck. Seriously.
You could say it’s part of a broader pattern in which ransomware gangs have been growing bolder and more creative with how they execute attacks. More and more, gangs seem to be finding new ways to intimidate victims, in an effort to extract a successful ransom payment. Another example of this is a recent attack on the Minneapolis Public School system in which a gang leaked sensitive student psychological data to the web and aggressively promoted the material on traditional social media channels. Like the Bluefield incident, that one showed gangs using whatever was at their disposal to make paying the gang seem like an appealing option.
