"RamAlert," an emergency broadcast system used by Bluefield University to communicate with its students and staff, has been hijacked by the Avos ransomware gang. The gang sent SMS texts and emails informing them that their data had been stolen and was in the process of being released. With more than 900 students and a small campus in Bluefield, Virginia, Bluefield is a private university.
In a recent announcement, a university in the Virginia area advises students to be cautious of texts received via the school's mass alert system. This was in response to a ransomware group alerting the entire campus that a cyberattack is taking place.
It was announced on Sunday that Bluefield University, a private Baptist school in Bluefield, Virginia that serves approximately 1,000 students, had shut down its systems for an unknown period as a result of a recent cyber-attack and that their systems would remain down for an unknown period.
According to hacker messages posted on Bluefield University's RamAlert, an app that sends text and email messages to students and faculty during school emergencies, hackers send a series of messages urging them to go over to the university's president and state their concerns.
Students and faculty members of Bluefield University were informed of a cyberattack that took place on April 30. This attack affected their IT systems and personal information. Faculty and staff had access to most university apps and websites before the incident. As a result, no evidence of identity theft or financial fraud had been reported to the University at that time.
Avos ransomware gang hijacked the university's emergency broadcast system, RamAlert, on May 1 in an attempted takeover of the system that is used for emergency broadcasts. It was done to inform students and faculty of data theft using texts and emails.
Bluefield University filed a police report on Tuesday alleging that a ransomware group had used the RamAlert system used by the university to send threatening messages to all students and staff members.
If the university's president refused to pay the ransom demanded by the ransomware group, the ransomware group threatened to continue disrupting the university.
Brett Callow shared the news on Twitter revealing that the hacker has approximately 1.2 TB of Bluefield's data. This is according to a message sent to Bluefield's student body and staff. Bluefield's president received an email alert from the hackers informing him to pay the full ransom demanded by them. The hackers instructed students and staff to pressure him to do so.
In addition, Avos Ransomware Gang's final message, or AvosLocker, implored the recipients of this malware to share the information they obtained with news outlets. This was to protect their data from exposure to the dark web. There was also an additional message which read, "Call President David Olive and tell him to pay us as soon as possible otherwise, prepare for attacks."
It is worthwhile to remember, however, that the group's goal is to leak samples of stolen data. In addition, it provides a link where users can find stolen data.
The school announced on Tuesday acknowledging that the RamAlert system had been hacked. However, it warns students not to click on any links provided by hackers and urges them not to click on emails.
Due to the sudden change in time and the school's inability to hold final exams on Monday, they were postponed and pushed back one day. They were held on Tuesday, Wednesday, and Thursday rather than Monday. School systems, including email, remain unavailable at this time.
Bluefield School officials have sent an email to all students and staff advising them not to open or transmit any links to their school accounts. These links have been sent to them. Several school systems in the area were still unavailable until a couple of days before the university's final exams, which were held in May.
It is not clear whether or not the university will consider paying the hackers, according to the spokesperson for the university.
From double extortion to triple extortion, ransomware groups have used a variety of methods to raise the stakes of their attacks on their victims. The school can accomplish this by emailing its customers, calling its partners, contacting the competition, and setting up portals with a search feature on them. This will enable it to discover data leaks.
Bluefield University was attacked by the ransomware gang known as AvosLocker, which is known for speaking Russian on underground forums. In forums such as these, a user called "Avos" has been seen recruiting hackers regularly, many of whom end up working on behalf of the organization.
A leak site maintained by the group has a list of victims from around the world that had been attacked by the group for several years. There has been an advisory published by the Federal Bureau of Investigation in the United States regarding the threat of AvosLocker. In addition to details about how the group operated in the past, recommendations on how to mitigate attacks are also included in the report.