Hacked university warns of campus text alerts sent by ransomware group

A university in Virginia is warning students to be wary of texts being sent through the school’s mass alert system after a ransomware group messaged the entire campus about an ongoing cyberattack.

Bluefield University – a private Baptist school in Bluefield, Virginia serving about 1,000 students – published a statement on Sunday announcing that their systems “have been shut down for an unknown period of time due to a recent cybersecurity attack.”

On Tuesday, the ransomware group behind the incident used the school’s RamAlert system to send threatening messages out to all of Bluefield university’s students and employees.

“We're the Avoslocker ransomware. We hacked the university network to exfiltrate 1.2 TB of files. We have admissions data from thousands of students. Your personal information is at risk to be leaked on the dark web blog,” the hackers said. “Do not allow the university to lie about the severity of the attack."

The group threatened to leak samples of the data it stole and provided a link where the stolen information can be found.

The school published its own message on Tuesday, acknowledging that the RamAlert system had been taken over by the hackers and warning students not to click on any links provided by the hackers.

“As you know, on April 30, 2023, Bluefield University discovered a cybersecurity attack that impacted our systems. Upon learning of this issue, we immediately engaged the provider and independent third-party cybersecurity experts to assist in our review and remediation efforts, but it may be a few days before full functionality can be restored,” the school said.

“We are working through the investigation to determine the nature and extent of the incident. However, as of now, we have no evidence indicating any information involved has been used for financial fraud or identity theft.”

The school had to postpone final exams on Monday and pushed them back one day, instead holding them on Tuesday, Wednesday and Thursday. Several school systems, including email, are still unavailable.

The use of a school’s campus alert system is a previously unseen extortion tactic used by ransomware actors, who have unleashed a wave of attacks on dozens of colleges and universities in 2023.

Multiple schools have announced cyberattacks or ransomware incidents in the first four months of the year, alarming experts who warn of troves of student information being leaked onto the web.

In September, AvosLocker claimed an attack on the Savannah College of Art and Design, one of the country’s most well-known art schools.

The AvosLocker gang updated its leak site in October 2021 and created a system allowing them to auction off stolen data from organizations that refuse to pay ransoms.

An FBI advisory in March 2022 said AvosLocker operates as a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors, including, financial services, critical manufacturing, and government facilities.