Ransomware Attack by INC Ransom Hits University and College Union

Incident Date: August 25, 2024

Overview

Title: Ransomware Attack by INC Ransom Hits University and College Union

Victim: The University and College Union

Attacker: INC Ransom

Location: London, United Kingdom

First Reported: August 25, 2024

Ransomware Attack on The University and College Union by INC Ransom

About The University and College Union

Established on June 1, 2006, through the merger of the Association of University Teachers (AUT) and the National Association of Teachers in Further and Higher Education (NATFHE), UCU is the largest post-school union globally. The union advocates for the rights and interests of academics, lecturers, trainers, researchers, and support staff across further and higher education institutions in the UK. UCU's primary objectives include advocating for fair pay, job security, and improved working conditions for its members. The union also campaigns against the casualisation and privatization of academic work, promoting stable employment and public funding for education.

Attack Overview

INC Ransom has claimed responsibility for the attack on UCU via their dark web leak site. The attackers allege that they have gained access to sensitive data and have posted sample screenshots as evidence. This breach highlights the vulnerabilities within educational institutions, which often lack the necessary cybersecurity infrastructure to fend off sophisticated cyber threats.

About INC Ransom

INC Ransom is a highly sophisticated cybercriminal group known for its targeted ransomware attacks on various industries, including healthcare, education, government entities, and technology companies. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. INC Ransom's modus operandi involves double extortion, where they not only encrypt data but also steal it and threaten to release it publicly to increase pressure on victims to comply with ransom demands.

Penetration and Vulnerabilities

While the specific details of how INC Ransom penetrated UCU's systems are not publicly disclosed, it is likely that the group used a combination of spear-phishing and exploiting known vulnerabilities. Educational institutions like UCU are often targeted due to their extensive databases of sensitive information and sometimes inadequate cybersecurity measures. The attack on UCU serves as a stark reminder of the evolving and sophisticated nature of cyber threats, emphasizing the importance of strong cybersecurity defenses.
