DoppelPaymer Gang Claims Responsibility for Newcastle University Issues | Tripwire

DoppelPaymer Gang Claims Responsibility for Newcastle University Issues

Posted on September 8, 2020
New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic
The DoppelPaymer ransomware gang claimed responsibility for a digital security incident that affected Newcastle University's network and systems. In a news release published on its website, Newcastle University revealed that it had begun experiencing issues with several of its IT systems on August 30. Those issues rendered all services inoperable except for the university's Office 365 infrastructure (including email, apps and Teams accounts) and its Canvas virtual learning environment. Officials at Newcastle subsequently launched an investigation to determine what had happened. This effort was ongoing as of 17:00 local time on September 7. Along the way, the university published a Frequently Asked Questions (FAQs) page in which it disclosed that it had suffered a "serious cyber incident." The university revealed that it had subsequently activated its incident response team and taken steps to protect data stored on its systems. Even so, university officials didn't elaborate on the details of the incident. They also didn't confirm whether the security event had compromised faculty and staff members' personal information. As quoted on the FAQs page:
The investigation into the incident is still at an early stage. IT colleagues continue to work hard on the systems recovery plan, and to support the Police and the National Crime Agency with their enquiries. Please be assured we take the security of our systems extremely seriously and we were able to respond quickly to this incident. This is now the subject of a Police investigation and our team in NUIT is working extremely hard with a number of agencies to address the issue.
It appears that the issues at Newcastle University could be related to a ransomware incident. As reported by Bleeping Computer, the gang behind the DoppelPaymer ransomware family published a post for the university on its data leaks site. That post contained 750 Kb of stolen data as evidence of having attacked the school.
Screen-Shot-2020-09-08-at-07.30.04.png
A screenshot of the Newcastle University posting on the Doppel Leaks site. (Source: Bleeping Computer) It remains to be seen whether Newcastle University elected to meet the DoppelPaymer actors' demands. News of this attack comes several months after DoppelPaymer ransomware allegedly struck a U.S. coastal city in Los Angeles County by stealing its unencrypted data and then encrypting its devices.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!