Life University Hit by MetaEncryptor Ransomware: 18.2 GB Data Compromised

Incident Date:

August 22, 2024

World map

Overview

Title

Life University Hit by MetaEncryptor Ransomware: 18.2 GB Data Compromised

Victim

Life University

Attacker

MetaEncryptor

Location

Marietta, USA

Georgia, USA

First Reported

August 22, 2024

MetaEncryptor Ransomware Attack on Life University: A Detailed Analysis

Life University, a private institution located in Marietta, Georgia, has recently been targeted by the ransomware group MetaEncryptor. The cybercriminals claim to have exfiltrated 18.2 GB of sensitive data, posing a significant threat to the university's operations and reputation.

About Life University

Established in 1974, Life University is renowned for its focus on chiropractic education and holistic health. The university operates on a 110-acre campus and offers a variety of undergraduate and graduate programs, including the largest Doctor of Chiropractic (DC) program in the United States. With an enrollment of approximately 2,715 students and a student-to-faculty ratio of 15:1, Life University emphasizes a comprehensive educational approach that integrates theoretical knowledge with practical application.

Attack Overview

The MetaEncryptor ransomware group has claimed responsibility for the attack on Life University, asserting that they have accessed 18.2 GB of the institution's data. This breach potentially compromises sensitive information, including student records, financial data, and internal communications. The attack highlights the increasing vulnerability of educational institutions to ransomware threats, emphasizing the need for enhanced cybersecurity measures.

About MetaEncryptor

MetaEncryptor is a ransomware operation believed to have launched in August 2022. The group initially amassed twelve victims on their data leak site through July 2023. After a brief hiatus, they rebranded as LostTrust in September 2023, listing 53 victims on their new data leak site. MetaEncryptor's ransomware encryptor is based on the SFile2 ransomware encryptor, with significant code overlap between samples. The group distinguishes itself by using a data leak site template and bio similar to LostTrust, describing themselves as network security specialists with 15 years of experience.

Potential Vulnerabilities

Educational institutions like Life University are particularly vulnerable to ransomware attacks due to several factors. These include the extensive amount of sensitive data they handle, often outdated IT infrastructure, and a high level of network activity. The attack on Life University underscores the critical need for educational institutions to invest in advanced cybersecurity measures to protect against such threats.

Penetration Methods

While specific details about how MetaEncryptor penetrated Life University's systems are not publicly disclosed, common methods include phishing attacks, exploiting unpatched software vulnerabilities, and leveraging weak network security protocols. The group's sophisticated ransomware encryptor and data exfiltration techniques further complicate the defense against such attacks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.