UNM grapples with aftermath of cyberattack
As classes start, some law school records and key data cannot be used
Classes begin Monday, and a cyberattack against the University of New Mexico School of Law is still causing havoc with some professors’ lesson plans, according to the dean.
Some professors are fine, because their important documents were cached in their computer or saved elsewhere, said School of Law Dean Sergio Pareja. But others can’t see their course notes, prior tests, articles or drafts of research papers, he said.
“This data,” he said, “it is important.”
The law school was victim of a ransomware cyberattack last month, which school officials said has blocked access to law school-specific email accounts and a file-sharing system.
Ransomware is a software that disrupts computer systems and stops those affected by it from accessing computer files, systems and networks, according to the FBI’s website. The agency said the attacks are typically followed by a demand that the victim pay a ransom in order to regain access to their computer system.
Cinnamon Blair, a spokeswoman for the university, said UNM wasn’t going to say if it had been given a specific ransom demand or talk specifically about its response to the attack.
“We are currently working through a number of data recovery efforts in response to the ransom
ware, and need to defer providing additional details that could negatively impact these efforts,” she said in an email. “We will provide additional information when we have completed our remediation and recovery efforts.”
A cyberattack against a major institution isn’t rare. There were 15 such attacks in New Mexico last year, the FBI previously told the Journal.
Ransomware has disrupted school districts in Gadsden, Taos and Las Cruces, as well New Mexico Highlands University, San Miguel County government and the city of Farmington.
In the city of Farmington’s case, hackers unsuccessfully tried to get the city to pay about $35,000 in bitcoin, according to the police, to restore access to its computer systems.
The city had staff work “around the clock” to restore services within 90 days, at an estimated cost of $200,000, according to a police spokeswoman.
The University of California San Francisco fell victim to a cyberattack earlier this summer. The school said in a statement that it was attacked in early June and the attackers launched malware that encrypted certain records within the School of Medicine.
“The data that was encrypted is important to some of the academic work we pursue as a university serving the public good,” the school said in a statement. “We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained.”
The FBI, in a recent alert about ransomware cyberattacks, said paying the money emboldens the criminals and doesn’t guarantee the victim will get their computer systems back.
Frank Fisher, an FBI spokesman, said he couldn’t confirm or deny a federal investigation into the cyber attack against UNM.