Share this article on:
The emergency alert system of a US university has been hijacked by hackers from the Avos ransomware group, who used the system to notify students that their data had been compromised.
On 1 May, students at Bluefield University in Virginia, USA, received a text through the RAMAlert mass alert system, notifying them that 1.2 terabytes of data had been stolen and that the group would release the data if the university did not pay a ransom.
“Hello students of Bluefield University! We’re Avoslocker Ransomwar. We hacked the university network to exfiltrate 1.2 TB files,” said the texts.
“We have admissions data from thousands of students. Your personal information is at risk to be leaked on the darkweb blog.”
In addition, the hackers urged that students don’t let the university downplay the severity of the attack.
“DO NOT ALLOW the university to lie about severity of the attack! As proof we leak sample Monday May 1st 2023 18:00:00 GMT.”
Avos then shared instructions on how to install the Tor browser to access the dark web.
The texts ended by telling students to notify local media and spread word of the story.
The incident comes only days after Bluefield University delayed all exams after discovering it had been attacked by threat actors on 30 April, which affected its IT systems.
The university’s initial investigation concluded that the incident did not lead to any cases of financial fraud and told Bluefield students that they were safe to use its systems.
“As of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft,” the university said on its website.
“Faculty and students can safely use and access MyBU, Canvas, and library resources through the universities website.”
Following the threat actors contacting students through the RAMAlert system, the university released an updated statement on 1 May, saying that it was continuing to investigate.
“We discovered earlier today that the incident impacted our mass alert system, RAMAlert.
“As such, if you are contacted by anyone claiming to be involved in the incident, please don’t click on any links provided by the individual or respond.”
The university reiterated that there is “no evidence indicating any information involved has been used for financial fraud or identity theft”.
According to BleepingComputer, Avos released a sample of the stolen data, including a document relating to the universities insurance policy and a W-2 Tax Form for the institution’s president.