A cyber extortion gang has advertised confidential data, claimed to be from a Scottish university, for auction on the dark web.
The University of the West of Scotland (UWS) said on Friday it was the victim of a “cyber crime” which has affected a number of its systems.
A spokesperson confirmed that some staff data had been accessed as international ransomware group Rhysida claimed to be selling the leak.
The gang is demanding 20 Bitcoin (£450,000) for the confidential data and says it will be sold to the highest bidder.
It comes after the UWS website was shut down for several days following an “incident” on July 7.
The University, which has campuses in Paisley, Ayr, Dumfries and Blantyre, said in a statement it was working with the National Cyber Security Centre, Police Scotland and the Scottish Government following the attack.
“The University has been the victim of a cyber crime which has affected a number of digital systems,” a spokesperson said.
“All appropriate steps continue to be taken to manage the situation. The incident remains an ongoing criminal investigation and we continue to work closely with the relevant authorities, such as Police Scotland, the National Cyber Security Centre and the Scottish Government, who are providing support and advice.
“We have also reported the incident to the Information Commissioner.
“Working alongside these agencies, we are following a controlled process to work towards a resolution. We have been briefing colleagues and students since the start of this incident and have advised colleagues that some staff data has been accessed.
“Staff continue to be contacted directly and provided with information and support.
“Our priority remains to ensure our University community and partners continue to be informed and supported at all times, while we work with law enforcement agencies as part of the ongoing criminal investigation.”
As reported by threat intelligence platform FalconFeeds, ransomware group Rhysida added the University of the West of Scotland to its victim list and claims to have kept the stolen data for auction in its “darkweb portal”.
FalconFeeds said eight of the 32 alleged victims are educational institutions.
A spokesperson for threat intelligence platform FalconFeeds told STV News: “Rhysida ransomware group was spotted by FalconFeeds on the darkweb on May 25, 2023. No victims were listed at the time.
“They started listing victims and publishing them from June 3, 2023. Initially there were four victims from France, the UK, Australia and Switzerland.
“Then from the fifth victim onwards, they started listing the victims for auction for seven days and after that they published the data on their dark web portal. Currently there are 29 victims listed and published and three victims kept for auction in their portal – making a total victim count of 32.
“There are eight victims from the education field itself.”
A police spokesperson said: “An investigation is under way following a report of a cyber incident in Paisley. The matter was reported to police on July 3, 2023 and inquiries are ongoing.”