AvosLocker attacks Bluefield University

Incident Date: May 2, 2023

Bluefield University




Bluefield, USA

Virginia, USA

First Reported: May 2, 2023

The AvosLocker Ransomware Attack on Bluefield University

The AvosLocker ransomware gang has claimed responsibility for an attack that has crippled internet and other services at Bluefield University. The attackers also appear to be in control of the university's “RamAlert” emergency notification system, blasting messages to the impacted students and staff that imply they have exfiltrated sensitive data.

Messages state the attackers have “hacked the university network to exfiltrate 1.2 terabytes of files,” and that they “will continue attacking if BU’s president does not pay,” but did not say how much they are demanding for ransom.

FBI Issues Alert on AvosLocker

The FBI issued an alert about AvosLocker activity back in March 2022, indicating that the group has “targeted victims across multiple critical infrastructure sectors in the U.S. including... the financial services, critical manufacturing, and government facilities sectors.”

Bluefield University's Response

“As you know, on Sunday, April 30, 2023, Bluefield University discovered a cybersecurity attack that impacted our systems. Upon learning of this issue, we immediately engaged independent third-party cybersecurity experts to assist in our review and remediation efforts, but it may be a few days before full functionality can be restored,” a statement from BU school officials said.

“We are working through the investigation to determine the nature and extent of the incident. However, as of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft.”

Student Reactions

We talked to two students over the phone who wanted to remain anonymous. While they expressed concerns about their personal information being leaked, they were also optimistic about the university’s response.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given how lucrative these attacks have been for threat actors so far, ransomware has become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.