October 30, 2023 at 10:53AM
Stanford University is investigating a cybersecurity incident after being attacked by the Akira ransomware group. The group claimed to have stolen 430 GB of data. The attack appears to be limited to the Department of Public Safety. This is the third ransomware attack on Stanford in recent years. Akira is a newly active ransomware-as-a-service operation with skilled operators that may be connected to the Conti group. The investigation is ongoing, and more information will be shared once it is completed.
Key takeaways:
1. Stanford University is currently investigating a cybersecurity incident involving the Akira ransomware group.
2. Akira claims to have stolen 430 GB worth of data from Stanford University.
3. The attack seems to be limited to one system at Stanford’s Department of Public Safety (SUDPS), the on-campus police department.
4. Stanford University’s privacy and information security teams are working with outside specialists to investigate the incident.
5. At this stage, there is no evidence to suggest that the incident affected other parts of the university or emergency response operations.
6. This is the third ransomware attack that Stanford University has experienced in recent years, with the previous incidents involving the Cl0p ransomware group and the compromise of Accellion FTA.
7. Akira is a relatively new ransomware group believed to have highly skilled operators and potential links to the Conti group and the Ryuk ransomware group.
8. The BHI Energy case provides insight into how an Akira ransomware attack played out, involving the use of stolen VPN credentials and file encryption.
9. Akira’s ransomware payload is known to remove volume shadow copies and append the “.akira” extension to encrypted files.
Please note that the situation is still under investigation, and more information will be shared once available.
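As an added example (not part of the original summary or of any vendor's tooling), the two payload behaviours in takeaway 9 can be combined into one detection: flag a host where a shadow-copy deletion command and several new `.akira` files occur within minutes of each other. The event format, sample telemetry, command patterns, window and threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common shadow-copy deletion command lines (assumption: the page does not
# say which method the payload uses, so several well-known ones are matched).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|win32_shadowcopy.*(remove-wmiobject|\.delete\(\))",
    re.IGNORECASE,
)
WINDOW = timedelta(minutes=10)  # hypothetical correlation window
MIN_RENAMES = 3                 # hypothetical threshold, tune per environment

# Constructed sample telemetry: (ISO time, host, event type, detail)
EVENTS = [
    ("2024-01-01T01:55:00", "fs01", "process", "vssadmin list shadows"),
    ("2024-01-01T02:00:05", "fs01", "process",
     "powershell.exe -c Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"),
    ("2024-01-01T02:01:10", "fs01", "file_rename", r"D:\shares\roster.xlsx.akira"),
    ("2024-01-01T02:01:11", "fs01", "file_rename", r"D:\shares\budget.docx.akira"),
    ("2024-01-01T02:01:12", "fs01", "file_rename", r"D:\shares\notes.txt.AKIRA"),
    # Admin cleanup with no encryption activity: must not alert on its own.
    ("2024-01-01T03:00:00", "ws07", "process", "vssadmin.exe delete shadows /all /quiet"),
    # A single oddly named file with no shadow-copy deletion: must not alert.
    ("2024-01-01T04:00:00", "ws09", "file_rename", r"C:\Users\a\fanart.akira"),
]

def detect(events, window=WINDOW, min_renames=MIN_RENAMES):
    """Return {host: (shadow_delete_time, akira_file_count)} for hosts that
    show both behaviours within `window` of each other."""
    deletes, renames = defaultdict(list), defaultdict(list)
    for ts, host, kind, detail in events:
        t = datetime.fromisoformat(ts)
        if kind == "process" and SHADOW_DELETE.search(detail):
            deletes[host].append(t)
        elif kind == "file_rename" and detail.lower().endswith(".akira"):
            renames[host].append(t)
    alerts = {}
    for host, dtimes in deletes.items():
        for d in sorted(dtimes):
            hits = [r for r in renames[host] if abs(r - d) <= window]
            if len(hits) >= min_renames:
                alerts[host] = (d.isoformat(), len(hits))
                break  # one alert per host is enough for triage
    return alerts

if __name__ == "__main__":
    print(detect(EVENTS))
```

Requiring both signals keeps routine shadow-copy maintenance and stray `.akira` filenames from alerting on their own.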