lockbit3 attacks Correo unir

Incident Date:

July 28, 2022

World map



lockbit3 attacks Correo unir


Correo unir




Piso, Colombia

Bogota, Colombia

First Reported

July 28, 2022

Ransomware Attack on Correo Unir

Company Overview

Correo Unir, a virtual university in Colombia, has been targeted by the ransomware group Lockbit3, as reported on their dark web leak site. The university operates in the Education sector and offers online education programs, including master's degrees in various fields such as law, education, and engineering. Known for its flexible programs, Correo Unir is designed to accommodate students' schedules and career goals.

Industry Standout

As a pioneer in the Education sector, Correo Unir distinguishes itself by delivering 100% online education. This approach not only facilitates a balance between studies and other commitments for students but also enables the university to cater to a broader audience and offer a more diverse range of programs than traditional brick-and-mortar institutions.


The ransomware attack underscores the digital vulnerabilities faced by educational institutions. Such attacks can severely disrupt operations, compromise sensitive data, and lead to substantial financial losses. In Correo Unir's case, the attackers likely exploited network or system vulnerabilities through phishing emails, server vulnerabilities, infected websites, or malicious online advertisements.

Response and Mitigation

In the wake of the attack, it is imperative for Correo Unir to adhere to established ransomware response protocols. This includes isolating affected systems, pinpointing the initial breach's systems and accounts, and restoring systems from backups. Furthermore, the university should bolster its defenses by implementing advanced security measures like email authentication and intrusion prevention software to thwart future attacks.

The ransomware attack on Correo Unir underscores the critical need for robust cybersecurity measures within the Education sector. Institutions must remain vigilant and proactive in safeguarding their systems and data against ransomware and other cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.