Stanford University investigating cyberattack after ransomware claims


Stanford University is investigating a cybersecurity incident within its Department of Public Safety after a ransomware gang claimed it attacked the school on Friday.

A spokesperson for the university directed Recorded Future News to a statement published late on Friday afternoon explaining that it is in the process of figuring out the details of the incident.

“We are continuing to investigate a cybersecurity incident at the Stanford University Department of Public Safety (SUDPS) to determine the extent of what may have been impacted,” the school said.

“Based on our investigation to date, there is no indication that the incident affected any other part of the university, nor did it impact police response to emergencies. The impacted SUDPS system has been secured.”

They added that their information security teams are looking into the incident alongside outside specialists. Once the investigation is completed, they said, they would share more information.

On Friday morning, the Akira ransomware gang claimed it attacked Stanford University and stole 430 gigabytes of data.

The gang has been behind several attacks on U.S. colleges and K-12 schools this year after emerging in March.

Researchers from cybersecurity companies Avast and Arctic Wolf have found multiple pieces of evidence tying the operation Conti — a now-defunct ransomware group accused of launching several high-profile attacks on governments around the world.

Arctic Wolf said the group has compromised at least 63 victims since beginning operations. A decryptor for the ransomware was released by Avast in July but the group has not stopped launching attacks.

Stanford University is the latest major U.S. school to face down ransomware attackers in recent weeks after the University of Michigan was forced to sever internet access to stop an attack in August.

Stanford University previously dealt with a cybersecurity incident in 2021, when the Clop ransomware gang stole and leaked personal information obtained through a vulnerability in the Accellion File Transfer Appliance (FTA) software.

The breach involved Social Security numbers and more taken from Stanford Medicine.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

In Chernihiv, a project preserving the past — with technology of the future

Next Post

Internet access severed in Gaza as IDF announces ‘expanding’ ground operation

Related Posts

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to "This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
Read More