The University of the West of Scotland (UWS) has become the target of a severe cyber attack as a ransomware gang, known as Rhysida, demands 20 bitcoin (equivalent to £450,000) in

exchange for the confidential data stolen. UWS had initially reported a "cyber incident" earlier this month, leading to an investigation by the police. Now, the situation has escalated as the extortion group threatens to sell the sensitive data to the highest bidder.

The cyberattack has had a significant impact on UWS, affecting numerous digital systems and compromising staff data. Staff laptops were also affected, leading to a partial shutdown of around 50% of the university's IT systems and disrupting student submissions.

The incident was reported to the police on 6th July, during which the university's website was inaccessible, and an error message apologized for the inconvenience. Although initially, no criminal group claimed responsibility, Rhysida came forward, asserting their involvement in the attack and attempting to extort the university using the stolen data.

The auction listing on the gang's deep web domain includes personal information of staff, such as bank details and national insurance numbers, alongside internal university documents. While the BBC has confirmed the authenticity of the group's listing, they have been unable to verify the data's legitimacy. Cyber correspondent Joe Tidy believes the data is unlikely to be fake, as criminal gangs operate based on profit and reputation, discouraging them from faking stolen data.

A spokesperson from UWS revealed that some details remain sensitive due to the ongoing criminal investigation. The university is working closely with relevant authorities and following a controlled process to find a resolution to the situation. Efforts are being made to keep staff and students informed and supported during this challenging time.

Rhysida, the ransomware group behind the attack, first appeared in May and has been responsible for cyberattacks on various organizations globally. The group disguises itself as a "cybersecurity team" that is aiding victims by exposing weaknesses in their online security systems.

Brett Callow, a threat analyst for cybersecurity company Emisoft, suggests that Rhysida is likely hoping for payment from the university to avoid releasing the information on the dark web. The value of the data, however, may not be as significant to third parties, and its release could lead to identity fraud by other cybercriminals.

UWS has campuses in Paisley, Ayr, Dumfries, Blantyre, and London. The university is actively collaborating with the police, the National Cyber Security Centre, and the Scottish government to resolve the incident. The National Cyber Security Centre does not endorse or support ransom demands.

In light of the escalating cyber threats, UWS is not the only institution facing such attacks. Last month, the University of Manchester experienced a similar cyber attack, and several organizations, including the BBC, were impacted by a mass hack. As cyber attackers continue to target institutions worldwide, authorities and organizations must remain vigilant and take robust measures to safeguard their digital systems and data. Photo by Goodreg3, Wikimedia commons.