North Carolina college confirms ransomware group stole sensitive data
Jonathan Greig November 28, 2022

North Carolina college confirms ransomware group stole sensitive data

North Carolina college confirms ransomware group stole sensitive data

Guilford College in North Carolina confirmed that ransomware actors who attacked their school also stole sensitive data of students, faculty and staff.

A spokesperson for the college — which is more than 185 years old — said the attack occurred in October and law enforcement was immediately notified. The school disconnected their systems and hired outside security experts to help restore systems and investigate the incident.

“While our investigation remains ongoing, we do have evidence to suggest the unauthorized actor responsible for this incident may have illegally accessed sensitive data,” the spokesperson said. 

“In order to be as transparent as possible, we sent communications to our students, faculty, staff and parents updating them on these findings and we are working around the clock to determine what sensitive data was accessed, and we will directly notify any individuals we believe may have been affected.”

On Friday, the Hive ransomware group took credit for the attack and threatened to leak the data stolen, posting samples of what was taken on October 21. 

Guilford College’s spokesperson said it is aware of the Hive ransomware post and is working with cybersecurity experts to review the files. 

The spokesperson said these are “common tactics of these cyber criminals who have targeted organizations like ours for financial gain.”

“We regret any concern this has caused in our community and will continue to do everything we can to make this right,” the school said. 

Two weeks ago, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Department of Health and Human Services released an advisory on the Hive ransomware group, reporting that the gang has brought in more than $100 million from attacks on more than 1,300 companies worldwide from June 2021 to November 2022. 

The group forced a California healthcare facility to shut down in March and attacked Romania’s largest oil refinery proprietor in February

It has targeted a wide range of businesses and critical infrastructure sectors including government facilities, manufacturing, IT and more. Typically, Hive members have gained initial access to victims through phishing emails with malicious attachments.

According to Recorded Future’s ransomware tracker, Hive is among the top ten most active ransomware groups operating currently. 

The FBI spotlighted the group in August 2021 after their members ransomed dozens of healthcare organizations last year. 

Guilford College was one of several U.S. colleges posted to the leak sites of ransomware groups over the Thanksgiving holiday. Cincinnati State College was attacked by the Vice Society ransomware group and the BianLian gang added Centura College in Virginia. 

Dozens of colleges and universities have been attacked by ransomware groups this year, including North Idaho College on November 3. Ransomware expert Brett Callow said at least 35 colleges and universities in the U.S. have been hit this year, with at least 24 of them having had data exfiltrated and released online.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.