author photo
By Clare O’Gara
Fri | May 29, 2020 | 8:24 AM PDT

Needless to say, 2020 has been a rough year for colleges, universities, and the students who attend them.

The rush to move courses online and send students home was the first challenge. Adjusting for a virtual graduation was the second, especially as hackers started to target digital ceremonies. And the third is the ever-evolving question surrounding normal, remote, or socially-distant fall semesters.

For Michigan State University, though, there's a fourth challenge: ransomware attacks.

NetWalker hacker threatens to expose MSU student info

One week.

That's how long the cybercriminals targeting MSU say they're giving the university to pay the undisclosed ransom.

If the university fails? The hackers claim they'll release personal student information and the college's private financial records, among other documents.

The orchestrators are using NetWalker, a form of ransomware that emerged in 2019 and is designed specifically to target larger networks, like those for companies and organizations.

NetWalker hackers approach ransomware attacks differently than some other systems. Rather than locking up the network and hoping the organization will pay, they opt to steal private data and threaten to make it public.

And NetWalker itself features a unique twist on this, according to EdScoop:

When the countdown clock hits zero, the stolen files go live.

"Uniquely, the leak site has auto-publishing functionality and a timer," said Brett Callow, an analyst with the cybersecurity firm Emsisoft. "When the time has elapsed, the data is automatically published along with the password needed to access it."

Ransomware: should you pay the bounty?

The MSU ransomware attack brings up a classic debate in cybersecurity: when hit by a ransomware attack, do you pay your hacker the ransom?

Particularly in the case of NetWalker, refusing to pay might lead to data automatically going public, even without a human being pressing a button.

At the same time, though, paying the hacker doesn't guarantee the safety of your information.

SecureWorld has covered the debate previously, revealing some interesting data about ransomware victims:

Proofpoint researchers found that nearly 70% of organizations successfully got their data back following a ransomware payment—the decryption keys worked.

But that's where the story grows dark. Look at what happened to the other 30% of those who paid a ransom:

  • 22% paid the ransom and never got access to their data.
  • 10% paid the ransom and then hackers demanded a second ransom from their organization.
  • Some organizations paid the secondary ransom demand and generally gained access to their data.
  • Most organizations in this position walked away with nothing at this point, refusing to pay a secondary ransom.

This data reveals that negotiating with hackers is a roll of the dice.