8. University of Utah pays big
The University of Utah announced in August that they’d agreed to pay their cyberattackers $457,000 not to release stolen data. The stolen data, they said, represented only tiny percentage of what it held on its servers, but a cyberinsurance policy was used to cover much of the demand so as not to risk exposing the personal information of students or staff. “This was done as a proactive and preventive step to ensure information was not released on the internet,” a university statement read. Though the university didn’t disclose which group was responsible, at least one researcher blamed NetWalker.