Texas Tech University Hit by MEOW Ransomware: Data Compromised
Incident Date:
July 26, 2024
Overview
Title
Texas Tech University Hit by MEOW Ransomware: Data Compromised
Victim
Texas Tech University
Attacker
Meow
Location
First Reported
July 26, 2024
Texas Tech University Targeted by MEOW Ransomware Group
Overview of Texas Tech University
Texas Tech University (TTU), located in Lubbock, Texas, is a prominent public research institution established in 1923. With an enrollment of approximately 40,000 students, TTU offers over 150 undergraduate and 100 graduate programs across various disciplines, including engineering, business, law, and the arts. The university is known for its commitment to research, innovation, and student success, supported by a substantial budget of around $1.5 billion in the fiscal year 2022.
Details of the Ransomware Attack
The MEOW Ransomware group has claimed responsibility for a cyberattack on Texas Tech University. The attackers allege they have accessed five extensive SQL databases containing sensitive information, including emails and passwords. The group is offering this data for sale at $600, along with a discovered website vulnerability as a bonus. This breach poses significant risks to the university's operations and reputation, given the sensitive nature of the compromised data.
About MEOW Ransomware Group
MEOW Ransomware emerged in late 2022 and resurfaced in 2024, using the Conti v2 ransomware variant. The group primarily targets organizations in the United States, focusing on industries with sensitive data, such as healthcare and education. MEOW Ransomware employs various infection methods, including phishing emails, exploit kits, and Remote Desktop Protocol (RDP) vulnerabilities. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms.
Penetration and Impact
The MEOW Ransomware group likely penetrated TTU's systems through vulnerabilities in their website or via phishing attacks. The compromised SQL databases suggest that the attackers may have exploited weaknesses in the university's database security protocols. The sale of this data on the dark web could attract attention from various entities, potentially leading to further exploitation of the university's systems and data.
Implications for Texas Tech University
This ransomware attack highlights the vulnerabilities in TTU's cybersecurity infrastructure. The breach not only threatens the privacy of students and staff but also undermines the university's reputation as a leading research institution. The incident underscores the importance of robust cybersecurity measures to protect sensitive information and maintain the integrity of academic institutions.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.