Ransomware actors recently posted data stolen from the University of Colorado, Boulder and the University of Miami in what appears to be more fallout from the breach of IT provider Accellion’s file-sharing application, an incident that has affected dozens of organizations spanning academia, government and the private sector.
Bleeping Computer reported that files belonging to both schools appeared on a leak site associated with a newer ransomware type known as Clop, which has appeared to target entities swept up in the Accellion breach. The breach was first publicly acknowledged in late January.
In a statement Tuesday, Miami officials acknowledged the university is investigating “a data security incident” involving Accellion, which it said was used only by a handful of individuals to transfer files too large to be attached to an email. The university also said the breach was limited to files that had been moved with Accellion and that other systems were not affected.
“While we believe based on our investigation to date that the incident is limited to the Accellion server used for secure file transfers, we continue to enhance our cybersecurity program to further safeguard our systems from cyber threats,” the statement read.
The University of Colorado was first notified of the Accellion hack on Jan. 25, with 447 users at the 35,000-student campus affected. While Accellion has said it’s patched the vulnerabilities in its file-transfer application, the school’s Office of Information Security has said it plans to switch to a different vendor.
The Clop ransomware incidents that have popped up since the Accellion hack was discovered appear to be linked to a group known as UNC2582, according to the security firm FireEye. The company’s research also links UNC2582 to another malicious group, UNC2546, which exploited vulnerabilities in Accellion’s FTA last December.
Other organizations that have been affected by the Accellion breach include Harvard Business School, the oil and gas giant Shell, the supermarket chain Kroger, the aircraft manufacturer Bombardier and the Washington State Auditor’s office. The last of these breaches, which affected data associated with more than 1.6 million people, prompted a sweeping reorganization of the state’s cybersecurity governance.