The operators of the NetWalker (Mailto) ransomware have announced today that they’ve infected the network of Michigan State University, one of the US’ oldest educational institutes.
The ransomware gang has given MSU administrators a week to pay an undisclosed ransom demand to decrypt their files.
In case MSU officials refuse to pay or choose to restore from backups, the ransomware gang is prepared to leak documents stolen from the university’s network on a special website the group is operating on the dark web.
NetWalker operators have already published five images on the site to support their claims. These include two images showing a directory structure allegedly from the university’s network, a passport scan for a student, and two scans of Michigan State financial documents.
The NetWalker group is one of the twelve ransomware gangs that manage “leak sites” where they threaten to publish data in revenge against companies that refuse to pay the file decryption fees.
Past victims of the NetWalker group include Australian shipping giant Toll and the government network of Austrian city Weiz.
The damage on MSU’s internet IT network is unclear, as students and most employees have been sent home due to the coronavirus (COVID-19) pandemic, and internal systems may not impact the university’s ability to hold virtual classes.
An MSU spokesperson did not return a request for comment seeking additional details.