Mount Royal University Confirms Ransomware Attack After Data Breach
Mount Royal University discloses a ransomware attack compromising sensitive data, with a $1.9 million ransom demand from the CMD Organization.
Ransomware Attack Details
Mount Royal University, a public institution located in Alberta, Canada, has disclosed that sensitive employee and student data was compromised during a ransomware attack. The breach was identified on June 17 following the deletion of two file storage systems. One system contained employee and student records, while the other was utilized for departmental data management. The incident led to disruptions in internal operations, online services, and internet connectivity, as reported by the university on June 18.
Data Compromise and Impact
A subsequent update confirmed that a ransomware group was responsible for the attack, with employee and student data from the university’s ‘H drive’ being both exfiltrated and deleted. The H drive serves as a storage solution for individual employees and students. The institution noted that the breach impacted specific folders rather than the entire drive. Affected individuals will receive direct notifications within the upcoming week.
Response and Mitigation Measures
To mitigate potential harm, the university has pledged to provide 24 months of free identity theft and credit monitoring services to all current employees and those who were employed within the past five years. The second file storage system, which was also erased during the attack, was confirmed to have remained unaffected by the breach. The university has informed the Alberta Information and Privacy Commissioner and law enforcement agencies, committing to full cooperation with ongoing investigations.
Ransom Demand and Threat Group
Details regarding the method of compromise or the specific threat actor involved remain undisclosed due to the active nature of the inquiry. However, the ransomware group known as CMD Organization has publicly listed Mount Royal University on its Tor-based leak site, asserting the theft of over 10 terabytes of data. The group has shared screenshots as evidence and is demanding a $1.9 million ransom in cryptocurrency.
Previous Attacks and Tactics
CMD Organization has previously claimed responsibility for 32 attacks, though only four have been independently verified. The group is also known to auction stolen information obtained from victims. The university’s statement coincided with the addition of its breach to the group’s leak site, highlighting the ongoing threat posed by ransomware actors.
No further details about the attack’s origin or the group’s identity have been released at this time.
Conclusion
Mount Royal University’s ransomware attack underscores the growing risks of cyber threats to educational institutions. The university’s response, including identity monitoring services and cooperation with authorities, aims to address immediate and long-term impacts. The involvement of the CMD Organization highlights the persistent challenge of ransomware groups in targeting critical data infrastructure.
