Ransomware gang starts leaking data stolen from Quebec university

The LockBit ransomware gang has started releasing data it says was stolen last month from a Quebec university.

The data is from the University of Sherbrooke, with a student body of about 31,000 and 8,200 faculty and staff. Sherbrooke is a city about a two-hour drive east of Montreal.

Asked in an email to comment on the action by LockBit, university Secretary General Jocelyne Faucher referred to the institution’s Dec. 7 statement that said, “certain data from one research laboratory has been compromised.” The incident has had no impact on the university’s activities, the statement added. An investigation continues.

According to a news report on the French language Radio Canada, the university said last month it had not been hit with ransomware.

The university hasn’t said if the compromised data included personal information or intellectual property.

Threat actors go after the education sector for several reasons: First, they believe public school boards can be pressured into paying to get access back to stolen data about children. Second, they believe post-secondary institutions will be subject to pressure from students to pay for the return of stolen personal and research data.

According to Sophos’ most recent annual ransomware report, the education sector was the most likely to have experienced a ransomware attack in 2022. Eight per cent of educational institutions surveyed said they had been hit. “Education traditionally struggles with lower levels of resourcing and technology than many other industries,” the report says, “and the data shows that adversaries are exploiting these weaknesses.”

In June, Ontario’s University of Waterloo interrupted a ransomware attack after being tipped off by the RCMP. The university’s on-premises email server was compromised, but “only a tiny number of users were impacted,” the institution said. All university IT users had to re-set their login passwords.

One of the most recent cyber attacks on a Canadian university happened in December, when Memorial University’s Grenfell campus in Corner Brook, NL, was hit. According to the CBC, IT services at the Marine Institute were temporarily shut down. The start of the new semester at Grenfell had to be shifted to Monday, Jan. 8 from Thursday, Jan. 4.

All Grenfell faculty, staff and students have to change their login passwords. The university said today it has been told the campus “will likely feel the impacts of this incident for at least a few weeks.” Work includes providing laptops for faculty and staff and securing internet and Wi-Fi hotspots.

In the U.S., recent cyber attacks on the education sector included the forced IT shut down in November at Indiana’s DePauw University and an attack claimed by a ransomware gang in October at California’s Stanford University.