Ransomware attacks are becoming a very popular tactic among cybercriminals as of late. They infiltrate an entity’s systems, encrypt files, and ask for a ransom in exchange for decryption. Many big companies have fallen victim to such practices, and the latest one comes in the form of the Colorado Department of Higher Education.
The education department has seen its fair share of cyberattacks in the past, especially as cybercriminals tend to have an interest in the data schools and universities host.
However, this time around, the breach is huge, and a lot of data has fallen right into the threat actors’ hands. How did this breach occur? What data did the cybercriminals harvest in the process? Find out below.
The CDHE Breach – Ransomware at Its Best
As we mentioned, ransomware has become a common form of attack, as it’s deemed beneficial to the ones behind it.
Threat actors all over the world have been targeting various sectors with such practices, including the health department.
A couple of months ago, pharmaceutical giant Eisai suffered a huge data breach, where attackers managed to infiltrate its systems and encrypt some of its servers.
Prior to that, several health organizations in the US were targets of Venus ransomware that underwent some upgrades to become the very aggressive GOODGAME.
Now, it’s the education sector in question, as threat actors have set their eyes on a huge pool of sensitive information belonging to teachers, current students, and even past ones.
Megan McDermott, CDHE’s Senior Director of Communications and Community Engagement, confirmed the ransomware attack to CBS.
Not only that, but she also stated that CDHE knows who’s behind it. According to CBS, the attackers managed to impact the following individuals:
- Individuals who attended a public institution of higher education in Colorado between 2007-2020
- Those who attended a Colorado public high school between 2004-2020
- Those with a Colorado K-12 public school educator license between 2010-2014
- Those who participated in the Dependent Tuition Assistance Program from 2009-2013
- Those who participated in Colorado Department of Education’s Adult Education Initiatives programs between 2013-2017
- Individuals who obtained a GED between 2007-2011
Unfortunately, while CBS got some confirmations, Megan McDermott refused to give exact information about the amount of ransom the threat actors have asked for.
However, CDHE did confirm that it has implemented all the necessary precautions to ensure the security of everyone.
“CDHE took steps to secure the network and have been working with third-party specialists to conduct a thorough investigation into this incident. CDHE also worked to restore systems and return to normal operations.”
The threat actors managed to infiltrate the systems between June 11th and June 19th. During this time, they harvested data from the department’s systems that spanned 13 years between 2004 and 2020.
We don’t know what happens next or even if CDHE is willing to pay the ransom. If any information sees the light, we’ll make sure to update this article.
Colorado Department of Higher Education (CDHE) Breach – Final Words
So far, there’s no word on who was behind the attack. No ransomware operation has claimed responsibility for the attack.
However, all the affected users should stay vigilant in the future. You never know what malicious practices the threat actors are preparing.
Even if CDHE decided to pay the ransom, it doesn’t mean that the cybercriminals are going to keep their end of the deal.