East Central University suffers BlackSuit ransomware attack

The East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen.

In an advisory posted on its website, ECU claims that the BlackSuit ransomware gang was unsuccessful in taking down the university's critical services but were "able to conduct a successful attack on a variety of campus computers."

ECU says that in response to the attack, it called upon the assistance of external cybersecurity experts, reset students' passwords, and reassessed its security systems.

Although ECU has not confirmed the precise nature of how the ransomware broke into the university's systems, it has said that it saw "an increase in spam/malicious emails in the days leading up to the attacks."

The full impact of the attack on February 16 is still being investigated, but ECU now says it has determined that the hacking gang may have accessed the names and Social Security numbers of some individuals.

The exfiltration of sensitive personal identifiable information clearly opens up opportunities for fraudulent activity.

This is far from the first time the BlackSuit ransomware has targeted the education sector.

For instance, late last year it claimed responsibility for a series of attacks against schools in Central Georgia, as well as the liberal arts college DePauw University in Indiana.

The BlackSuit ransomware gang most recently claimed responsibility for a cyber attack against California's Select Education Group, having compromised the sensitive personal information of approximately 70,000 individuals.

And it's not just educational organisations who need to be on the guard against the BlackSuit ransomware gang.  A US Department of Health and Human Services (HHS) advisory issued a warning late last year to the healthcare public sector that BlackSuit was "a threat actor to be closely watched in the near future."

ECU says that it "will keep its community updated" regarding any additional information unearthed about the attack. It is advising those who believe they might be affected to visit identitytheft.gov for advice on how to tell if they have fallen victim to identity theft, and what to do if their details are lost or stolen.