Data offered for sale after ransomware attack on Scottish university

The University of the West of Scotland has acknowledged it has been the victim of a successful cyberattack, reportedly perpetrated by the Rhysida gang and now being investigated by police

Data allegedly belonging to the University of the West of Scotland has been put up for auction by a cybercrime gang.

UWS said it has been the “victim of a cybercrime” which has affected “a number” of its digital systems.

The ransomware gang known as Rhysida is demanding 20 bitcoin – the equivalent of just over £450,000 – and says data will be sold to the highest bidder. 

Police Scotland are investigating the incident, having first been alerted to the breach at the beginning of July. At this point the university’s website was down. 

While UWS is working with the police, the National Cyber Security Centre and the Scottish Government to support a criminal investigation, it has briefed staff and students “since the start of this incident” advising that “some staff data has been accessed”. 


No crime group claimed responsibility for the attack initially, but Rhysida has since said it is behind the attack and has seemingly attempted to use the compromised data to extort the university. 

The gang’s webpage, which can only be accessed via the deep web, is advertising personal data allegedly belonging to staff, such as bank details and national insurance numbers, as well as internal university documents.

A BBC investigation found that the listing was real but was unable to verify the authenticity of the data.

Rhysida was first observed earlier this year after it launched a cyberattack on the Chilean army. Since then, the group has attempted ransomware attacks on organisations across the world. 

According to the cybersecurity website SentinelOne, the group poses as a “cybersecurity team” looking for flaws in victims’ online defences.

A spokesperson for the University of the West of Scotland said: “The university has been the victim of a cybercrime which has affected a number of digital systems. All appropriate steps continue to be taken to manage the situation. The incident remains an ongoing criminal investigation and we continue to work closely with the relevant authorities, such as Police Scotland, the National Cyber Security Centre and the Scottish Government, who are providing support and advice. We have also reported the incident to the Information Commissioner.”

The representative added: “Working alongside these agencies, we are following a controlled process to work towards a resolution. We have been briefing colleagues and students since the start of this incident and have advised colleagues that some staff data has been accessed. Staff continue to be contacted directly and provided with information and support. Our priority remains to ensure our university community and partners continue to be informed and supported at all times, while we work with law enforcement agencies as part of the ongoing criminal investigation.”

A Police Scotland spokesperson said: “An investigation is underway following a report of a cyber incident in Paisley. The matter was reported to police on 3 July, 2023 and enquiries are ongoing.”

This article originally appeared on PublicTechnology sister publication Holyrood

Ruaraidh Gilmour
