The University of Buenos Aires managed to get part of its systems back online after suffering a ransomware cyber attack, a type of malicious program that cybercriminals use to encrypt information, make it inaccessible and demand a ransom in return. Beyond the outage of the Guaraní system that students use to manage their subjects, teachers received their bonus deposit this Friday, a matter that had caused concern because the payment system (Pilagá) was also affected.
On Thursday last week, servers at part of the school were compromised, preventing teachers and students from managing grades, enrolling in summer classes and more. In a general email on Monday, authorities warned teachers that they would not be able to operate online in systems such as Guaraní.
The University confirmed to Clarín that the intrusion had been detected in the UBA data center, which is why they isolated the affected computers to identify the scope of the ransomware. The compromised servers were located in the university’s Windows environment. In one week they managed to restore part of the systems and set up a manual alternative for some types of problems, which is noteworthy since, in general, this process can take weeks or even months.
On Friday the situation began to return to normal for teachers. As Clarín was able to confirm, it was possible to log in to the Guaraní system and the bonuses were deposited throughout the day.
The teachers received a message updating what had happened: “Dear teachers, good news: yesterday evening it was possible to restore the functioning of the SIU Guarani. We will therefore not publish the notes on Campus, to prevent the complete lists from circulating. We ask that you upload any missing notes today if possible, as review requests are now open. Please let us know as the minutes close. Thank you very much for your excellent disposition and collaboration, which allowed us to move forward in this unexpected situation.”
As for UBA XXI, the distance education system, which is mainly based on its online system, it “is working, children can see their grades, sign up and some grades need to be uploaded but they are uploaded”, the UBA explained when asked by this outlet. DOSUBA, the university social assistance, “has guaranteed manual payment to all providers so that benefits are not cut,” they said. “We estimate that on Tuesday or Wednesday the system will be in better condition, but alternatives have been sought to ensure services through alternative channels,” they added.
It is not yet clear how the cybercriminals got in to distribute the ransomware, but internal accounts suggest that the license for Fortinet, software widely used in the State to protect systems, had expired.
Contacted about this, Fortinet, which is collaborating with the UBA on the restoration of the systems, clarified: “In an extremely restrictive and challenging context for economic regulation in Argentina, over the last year we have granted multiple extensions once the renewal deadline had passed, in all cases in which customers were in the formal process of purchasing said renewal, even if this process has been delayed.”
What type of malware hit them?
Ransomware is a type of malicious program (malware) that encrypts information to make it inaccessible and is used to extort the victim, demanding a ransom in cryptocurrency in exchange for returning the data. If the victim refuses to pay, the cybercriminals also publish the stolen information on a dark web site as a second extortion, damaging the reputation of the attacked entity. The key in these cases also lies in having good backups of the information, although restoring systems is something that can take weeks.
It is currently unknown which group had access to the systems and what amount they are demanding. In Argentina in 2023, two cybercriminal gangs took center stage: Rhysida, which attacked PAMI in August, and Medusa, which exposed internal information from the National Securities Commission.
“LockBit, Hive and BlackCat (ALPHV) have been responsible for the majority of attacks in the region, which can occur through malicious links, lack of backups and poor investment in cybersecurity,” said Dario Opezzo, Regional Sales Manager of the computer security company Palo Alto Networks, providing context. LockBit was known for attacking OSDE last year; Hive, for attacking Artear and for being dismantled earlier this year.
Education is a sector heavily attacked by cybercriminals. According to the World Economic Forum, through the middle of this year the education sector topped the list of cyber attacks, followed by government institutions, with healthcare in third place.
Some organized ransomware groups have rules against attacks on educational and healthcare institutions, while others make no distinction between their targets.
“Attacks on higher education centers in the United States increased more than 60% compared to 2022 and more than 170% compared to 2021. I would not be surprised at all if attacks on education sectors in other countries also increased,” explained Brett Callow, threat analyst at Emsisoft, in dialogue with this medium.
“Why are schools being attacked? Probably because they are relatively easy targets and have proven willing to pay. Cybercriminals are predictable. If they find a specific sector profitable, they will attack it again and again,” he concluded.
In this case, UBA’s internal work managed to restore calm to a situation that could have been extremely serious, and resolved in record time what took other entities weeks.
Source: Clarin
Linda Price is a tech expert at News Rebeat. With a deep understanding of the latest developments in the world of technology and a passion for innovation, Linda provides insightful and informative coverage of the cutting-edge advancements shaping our world.