Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

University alert system commandeered by hackers to declare threats

The emergency alert system of a US university has been hijacked by hackers from the Avos ransomware group, who used the system to notify students that their data had been compromised.

user icon Daniel Croft
Mon, 08 May 2023
University alert system commandeered by hackers to declare threats
expand image

On 1 May, students at Bluefield University in Virginia, USA, received a text through the RAMAlert mass alert system, notifying them that 1.2 terabytes of data had been stolen and that the group would release the data if the university did not pay a ransom.

“Hello students of Bluefield University! We’re Avoslocker Ransomwar. We hacked the university network to exfiltrate 1.2 TB files,” said the texts.

“We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”

In addition, the hackers urged that students don’t let the university downplay the severity of the attack.

“DO NOT ALLOW the university to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT.”

Avos then shared instructions on how to install the Tor browser to access the dark web.

The texts ended by telling students to notify local media and spread word of the story.

The incident comes only days after Bluefield University delayed all exams after discovering it had been attacked by threat actors on 30 April, which affected its IT systems.

The university’s initial investigation concluded that the incident did not lead to any cases of financial fraud and told Bluefield students that they were safe to use its systems.

“As of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft,” the university said on its website.

“Faculty and students can safely use and access MyBU, Canvas, and library resources through the universities website.”

Following the threat actors contacting students through the RAMAlert system, the university released an updated statement on 1 May, saying that it was continuing to investigate.

“We discovered earlier today that the incident impacted our mass alert system, RAMAlert.

“As such, if you are contacted by anyone claiming to be involved in the incident, please don’t click on any links provided by the individual or respond.”

The university reiterated that there is “no evidence indicating any information involved has been used for financial fraud or identity theft”.

According to BleepingComputer, Avos released a sample of the stolen data, including a document relating to the universities insurance policy and a W-2 Tax Form for the institution’s president.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.