UGA, University System of Georgia investigating possible hack by Russian cybercriminals

The University of Georgia and the University System of Georgia are investigating whether they are victims of a Russian cyber-extortion gang's global hack of a file-transfer program.

The exploited program, MOVEit, is widely used by businesses to securely share files. In a statement to FOX 5, a spokesperson for the University System of Georgia confirmed that the USG and UGA had purchased the software to store and transfer sensitive data.

"Progress Software recently identified a zero-day defect in its MOVEit software, a vulnerability that likely allowed cybercriminals unauthorized access to information stored in the MOVEit secure repositories operating at numerous customer sites, including USG and the University of Georgia," the spokesperson said.

After getting the notification, USG staff quickly limited internet access to the software and applied a patch to fix the code.

University officials say they are now actively monitoring the situation and will be evaluating the "severity of this potential data exposure."

The Cl0p ransomware syndicate behind the hack announced last week on its dark web site that its victims, who it suggested numbered in the hundreds, had until Wednesday to get in touch to negotiate a ransom or risk having sensitive stolen data dumped online.

Known victims to date include Louisiana’s Office of Motor Vehicles, Oregon’s Department of Transportation, the Nova Scotia provincial government, British Airways, the British Broadcasting Company and the U.K. drugstore chain Boots. 

The gang, among the world’s most prolific cybercrime syndicates, claimed it would delete any data stolen from governments, cities and police departments.

This is far from the first time Cl0p has breached a file-transfer program to gain access to data it could then use to extort companies. Other instances include GoAnywhere servers in early 2023 and Accellion File Transfer Application devices in 2020 and 2021.

Cybersecurity experts say the Cl0p criminals are not to be trusted to keep their word. Allan Liska of the firm Recorded Future has said he is aware of at least three cases in which data stolen by ransomware crooks appeared on the dark web six to 10 months after victims paid ransoms.

The Associated Press contributed to this report.
