The particular Clop ransomware team offers posted economic paperwork plus passport information allegedly from the College or university associated with Baltimore as well as the College of California on the internet.
On Walk twenty nine, the particular danger actors started posting screenshots associated with data allegedly stolen from your US ALL educational institutes.
These types of screenshots, including records that will apparently are part of our own University of Maryland (UMD), show a federal tax document, requests for tuition remission paperwork, a software for the Board of Nursing, passports, and tax summary documents.
The leaked data snapshots exposed painful and sensitive information points including the photos and names of people, home addresses, Social Security numbers, immigration status, dates of birth, and passport numbers.
Sensitive information has been redacted within the screenshots below.
The University of California (UC) also has been subject to exactly the same group’s tactics.
Screenshots published from the group, viewed by ZDNet via Kela ‘s threat intelligence suite Darkbeast, include lists of people and their Social Security numbers, retirement documentation, and 2019/2020 benefit adjustment requests.
In addition , the leaked data seems to include late enrollment benefit license request forms for employees and UCPath Blue Shield health savings plan enrollment requests.
Clop continues to be associated with a string of cyberattacks against organizations. Clop is one of several threat groups which will employ a ‘double-extortion’ tactic, in which ransomware might be deployed on the compromised machine first, and the cybercriminals threaten in making corporate or painful and sensitive stolen datasets public on the leak site unless blackmail demands are met.
Early in the day this month, the girls leaked data allegedly belonging to the University of Miami and Colorado.
On a single day, records allegedly belonging to Shell were also posted on the web. The oil giant unmasked that a cyberattack had occurred with the compromise of Accellion FTA servers earlier in the day this month.
On March 22, the REvil ransomware group published what appears to be financial data from tech giant Acer following a ransomware incident. Acer was subject to a $50 million ransom demand, of which it is not known if any such thing was paid. The organization did not make sure a ransomware attack occurred but did declare IT “abnormalities” have been discovered.
The University of Maryland as well as the University of California have not taken care of immediately multiple requests for comment by the time of publication.
Previous and related coverage
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or higher at Keybase: charlie0