Foul Play by Ransomware Group at SUNY Polytechnic

Just a day after the Play ransomware Gang was held responsible for the December cyber attack on Rackspace Technology, the group added US-based SUNY Polytechnic institute to its victim list with details of the data they possess.

The hacker forum post hinted at possessing sensitive data such as passports, SSNs, contracts, etc. They claimed to have attacked the systems of the Utica, New York branch of the institute.

SUNY Polytechnic
Screenshot of the hacker’s post

The post received nearly 553 views at the time of writing. Though the post claims that the data was published on the new year, the publication date mentioned reads 2023-01-04.

The group appears to have personal data, such as IDs, which they may leak. No ransom amount or details about the size of the data the hackers possess was mentioned on the post.

The reputation of SUNY Polytechnic Institute

Several established professionals from various walks of life have graduated from SUNY Polytechnic institutes.

G Dogg A.K.A. Yasen Ivanov, the Bulgarian rap and hip-hop artist, Marianne Buttenschon, the American politician, Thomas Homan, a former American police officer, Güneş Taner, the Turkish politician, et al.

SUNY Polytechnic institute was named one of Fortune’s top-rated online MBA programs in 2022, and it earned a position in the top 50 national news and world report in 2022.

Renowned alumni of SUNY Polytechnic Institute

The institute also lent a hand to noble causes by giving back to local causes with fundraisers, sponsoring prizes, having near and dear ones contribute to the causes, etc. Its dedicated SUNY Poly Foundation raised nearly $14,000 to support student scholarships, among other causes.

Play ransomware group

Play ransomware assigns the .PLAY extension to encrypted files and does not leave much information about their demand or actions to the victims. It finds access usually via phishing emails opened by the target. The email contains infected attachment as either a doc file, an exe file, a pdf, rar, zip, etc.

Play ransomware group was accused of exploiting the systems of hosted exchange platform in December 2023. The attack was made using a zero-day exploit which led to tens of thousands of users being left without access to their emails. 50% of the encrypted inbox data of some users were said to be recovered.

In another cyberattack on Microsoft exchange, the ransomware group used a never-before-seen exploit to gain remote code execution with Outlook Web Access. It also bypassed Microsoft’s ProxyNotShell URL.

Besides reporting the ransomware attack to legal authorities, experts suggest decrypting using automated decryptors such as Kaspersky RakhniDecryptor as shown below:

These are third-party tools that can be tried by investigators or engineers. However, it does not guarantee any results such as the complete recovery of encrypted files.

Source link