FSociety Ransomware Attack on Rutgers University: Implications and Vulnerabilities

Incident Date:

May 4, 2024

Overview

Victim

Rutgers University

Attacker

Flocker

Location

New Brunswick, USA

New Jersey, USA

First Reported

May 4, 2024

Ransomware Attack on Rutgers University by FSociety

Overview of the Incident

In a significant cybersecurity breach, Rutgers University, a prominent public research university in New Jersey, has fallen victim to a ransomware attack orchestrated by the cybercriminal group known as FSociety. The attack led to the exfiltration of approximately 1 terabyte of sensitive data. Following the university's failure to meet the ransom deadline, the stolen data was publicly leaked on the dark web.

Victim Profile

Rutgers, The State University of New Jersey, is the largest university in New Jersey and a leading public research institution in the United States. It offers a broad spectrum of more than 100 bachelor's, 100 master's, and 80 doctoral and professional degree programs. Rutgers is known for its robust research initiatives, particularly in medicine, engineering, and science, facilitated by its status as a land-grant, sea-grant, and space-grant institution. The university serves over 65,000 students and employs around 9,000 faculty members.

Details of the Ransomware Group

FSociety is a Python-based ransomware that emerged in 2016, inspired by the fictional hacking group from the TV show Mr. Robot. This ransomware is known for its capability to infect network shares, download and execute payloads, and employ anti-VM evasion techniques. FSociety operates as a Ransomware-as-a-Service (RaaS), allowing it to spread its impact across various sectors by enabling even those with minimal technical expertise to deploy ransomware attacks.

Potential Vulnerabilities and Entry Points

The extensive digital footprint and complex network systems of large educational institutions like Rutgers University make them attractive targets for ransomware attacks. Potential vulnerabilities could include insufficiently secured endpoints, legacy systems without up-to-date patches, and the broad attack surface presented by numerous users and devices connected to the university network.

Impact of the Attack

The release of 1 terabyte of data not only compromises the privacy of students, faculty, and staff but also potentially exposes sensitive research data, financial information, and personal identification details. The breach undermines the trust and integrity of Rutgers University's security measures and could have long-lasting reputational and financial consequences.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site's data is generated based on the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.