Akira, the notorious ransomware gang, listed Stanford University as the target of a ransomware attack. The university has since confirmed the cybersecurity incident.
Screenshots of the listing were shared on the web, where Akira said – after calling Stanford “known for its entrepreneurial character” – that the institution will soon be known for 430GB of internal data leaked online.
Akira claims to be in possession of private information and confidential documents and is threatening to leak the information online if Stanford didn’t pay an unspecified ransom.
Stanford quickly confirmed that the incident was related to another cybersecurity episode earlier this month when hackers had breached the Stanford University Department of Public Safety’s (SUDPS) firewall.
“We are continuing to investigate a cybersecurity incident at the Stanford University Department of Public Safety (SUDPS) to determine the extent of what may have been impacted,” the university said in a statement.
“Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies. The impacted SUDPS system has been secured.”
The SUDPS processes and stores data on personnel, case reports, risk evaluations, and crime involving students, faculty, and other community members. It is so far unclear how much of this data was lost or encrypted by the ransomware.
Akira is a relatively new ransomware family, first discovered in the wild in March 2023. The gang takes its name from a Japanese cyberpunk manga of the same name.
According to Ransomlooker, a Cybernews tool for monitoring the dark web, Akira has listed 45 victims since it started operating and is tied to several dozen attacks across organizations in the United States and Canada.
The group’s operations are quite consistent: demanding ransom payments ranging from $200,000 to $4 million, and publishing data online if payment is not fulfilled.
In July 2023, researchers at Avast, a cybersecurity firm, released a decryptor for the Akira ransomware used in several incidents. However, it only combats the Windows version of the ransomware, and Akira also targets Linux-based systems with a specifically developed strain of malware.
More from Cybernews
Subscribe to our newsletter