Hawaiʻi Community College Pays Ransom to NoEscape Ransomware Gang

Hawaiʻi Community College (HCC) has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. The data included personal and financial information of students, faculty, and staff.

HCC is an accredited public community college operating two campuses on the island of Hawaii and is part of the University of Hawai’i (UH), which has over 50,000 students. UH is the largest and most diverse higher education institution in the state.

On June 19th, 2023, the relatively new NoEscape ransomware gang listed UH on its extortion portal, threatening to publish 65 GB of stolen data in a week if a ransom was not paid. The gang claimed to have encrypted over 1,000 devices and exfiltrated sensitive data from UH’s network.

A day later, HCC confirmed they suffered a ransomware attack on June 13th, 2023, warning students and faculty that they shut down IT systems to prevent the spread of the malware. HCC also said they were working with law enforcement and cybersecurity experts to investigate the incident and restore normal operations.

In a statement released on July 1st, 2023, HCC announced that they decided to pay the attackers an undisclosed ransom after consulting with their insurance provider and legal counsel. HCC said they decided to protect their community members’ privacy and security and minimize the potential impact of the data breach.

“After determining that the compromised data most likely contained personal information of approximately 28,000 individuals, the University of Hawaiʻi made the difficult decision to negotiate with the threat actors in order to protect the individuals whose sensitive information might have been compromised,” explained UH in a public statement.

HCC also said they received a decryption key from the attackers and verified that the stolen data was deleted from their servers. However, HCC cautioned that there is no guarantee that the data was not copied or shared by the attackers before deletion.

Hawaiʻi Community College apologized for the inconvenience and distress caused by the ransomware attack and urged anyone affected by the breach to monitor their credit reports and bank accounts for any suspicious activity. HCC also offered free credit monitoring and identity theft protection services to those impacted by the incident.

HCC said they are taking steps to enhance their cybersecurity posture and prevent future attacks. They also thanked their students, faculty, staff, and partners for their patience and support during this challenging time.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.