Michigan State University is being targeted by a ransomware attack claiming to have stolen files, including financial and student information, threatening to publish them in a week if a bounty is not paid off.
Deputy Spokesperson Dan Olsen confirmed the university is aware of the possible intrusion and and is looking into it.
At this time the intrusion is believed to be isolated in one unit on campus and the affected systems and servers have been taken offline to prevent further exposure, Olsen said in a statement.
MSU IT has notified law enforcement agencies within hours of the intrusion, including the MSU Police Department and Michigan State Police to conduct a thorough investigation, he said.
The ransom demanded was not specified, but the ransomware gang is prepared to release the university's documents.
The NetWalker, a newer form of ransomeware sometimes labeled as Mailto, blog post threatened publication of 'secret' documents dated with a countdown clock with close to a week remaining.
The screenshots include two images showing a directory structure allegedly from the university's network, a passport scan for a student, and two scans of Michigan State financial documents, according to Catalin Cimpanu of ZDNet.
A post appeared on Wednesday on a blog affiliated with NetWalker, announcing the attack, according to reporting by Benjamin Freed at Edscoop.
A separate tweet shared screenshots containing a Microsoft Windows file directory with folders that appear to belong to individual users on the university’s network.
This is a developing story. In our reporting, we'll focus on verifying information from credible sources. Stay with The State News for more updates.
This story was updated at 1:10 p.m. May 28 to include a statement from Deputy Spokesperson Dan Olsen and again at 2:20 p.m. to remove reference to the Twitter account that posted evidence of the ransomware attack.