The threat was made on Doppelpaymer’s Twitter and dark web pages. Brett Callow – a threat analyst at the cyber-security firm Emsisoft – said the initial data release was “the digital equivalent of a kidnapper sending a pinky finger”.
Dear students of the New Castle University Congratulations with an upcoming release of your personal data. What a great start of a new educational year #doppelpaymer #ransomware #malware #doppleleaks
— DoppelPaymer (@DoppelPaymer) September 7, 2020
The malware being used by Doppelpaymer is similar to software that was developed by a group known as Evil Corp. In 2019, members of Evil Corp faced charges of conspiracy and fraud, and were sanctioned by the US Treasury.
If Doppelpaymer and Evil Corp are linked, Newcastle University may not be able to pay the ransom without breaching these sanctions. Speaking to Sky News, Callow noted that “What, if any, connection exists between the operators of DoppelPaymer and Evil Corp is not clear, but cooperation between the groups has been observed”.
Callow explained “DoppelPaymer uses a double-pronged attack strategy in which the targets' data is exfiltrated prior to being encrypted”. He added “It's impossible for us to say what data may have been extracted during the attack”.
The Frequently Asked Question section of the University IT service website assures students “We have found no evidence that payroll data has been compromised and the University online payment system has not been impacted by the recent IT incident”. Speaking to the Courier, a spokesperson for the University said further details could not be divulged until investigations were concluded.
The cyber attack was carried out at the end of last month. Currently, access to the Newcastle campus is restricted, and the University is only able to offer “a very limited set of [IT] services”.
This includes Office365 (including University emails), Canvas and Zoom. The student portal S3P is still unavailable. The IT service are also advising staff and students to “copy and save business critical data and files to your OneDrive”.
A cyber attack was also carried out against Northumbria University at the end of last month. Access to the Northumbria campus was severely restricted last week, and will continue to be restricted this week.
A spokesperson for Northumbria University explained that the investigations are ongoing and at an early stage. However, Newcastle and Northumbria Universities both said that they do not believe the attacks are linked.
Featured Image: Newcastle University