{
	"id": "4bc5f88c-14d8-469e-8c10-f72c5ecaccaf",
	"created_at": "2026-04-06T00:14:42.811186Z",
	"updated_at": "2026-04-10T03:21:54.832932Z",
	"deleted_at": null,
	"sha1_hash": "dce0d086b6a7a7e05cffc30c0b3be50720839909",
	"title": "Michigan State University network breached in ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2194212,
	"plain_text": "Michigan State University network breached in ransomware attack\r\nBy Ionut Ilascu\r\nPublished: 2020-05-28 · Archived: 2026-04-05 21:19:24 UTC\r\nMichigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the\r\ninstitution’s network will be leaked to the public.\r\nThe demand is from Netwalker ransomware-as-a-service (RaaS) operators, a group that recently started to recruit skilled\r\nnetwork intruders for their affiliate program.\r\nProof of stolen data\r\nA countdown timer on the attacker’s website shows that the university has about six days to comply or “secret data” will\r\nbecome public.\r\nhttps://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/\r\nPage 1 of 5\n\nThe site set up by the Netwalker ransomware gang gives no details about the attack but they posted images with directories,\r\na passport scan, and two financial documents allegedly stolen from the university’s network.\r\nBleepingComputer reached out to Michigan State University (MSU) for more details about the attack but received no reply\r\nat publishing time.\r\nInformation about how and when the attack happened, its impact on MSU, and the ransom demand remain unknown at this\r\ntime.\r\nAntivirus removers to disable defenses\r\nNetwalker ransomware relies on multiple programs for remote access (TeamViewer, AnyDesk), files from public code\r\nrepositories, and custom PowerShell scripts.\r\nHowever, they also use at least three legitimate tools to uninstall security software on a compromised system.\r\nResearchers at security software and hardware company Sophos shared in a report yesterday that the threat actor also used\r\nlegitimate removal tools for ESET antivirus, Trend Micro’s Security Agent, and Microsoft Security Client, which is part of\r\nMicrosoft Security Essentials.\r\nApart from tools that enabled intrusion and lateral movement on the victim network, they discovered \"individual samples of\r\nthe Zeppelin Windows ransomware and the Smaug Linux ransomware as well.\"\r\nIn a trove of malicious files discovered while investigating a malware campaign from Netwalker, the researchers found\r\nthat the attacker also leveraged several vulnerabilities for privilege escalation.\r\nOne of them is CVE-2020-0796, for which there is proof-of-concept exploit code released for local privilege escalation. It\r\ncan also be exploited for remote code execution, but the code for this is not currently available to the public.\r\nNetwalker ransomware group advertised recently that they were looking for new collaborators with access to large\r\nenterprise networks. The move is meant to distance themselves from malware distribution through spam, which is a common\r\nmethod.\r\nAs an incentive, the group promised affiliates huge rewards, a cut between 80% and 84% from paid ransoms. Other\r\nransomware operators typically offer up to 70% from the ransom money.\r\nSource: https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/"
	],
	"report_names": [
		"michigan-state-university-network-breached-in-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434482,
	"ts_updated_at": 1775791314,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dce0d086b6a7a7e05cffc30c0b3be50720839909.pdf",
		"text": "https://archive.orkl.eu/dce0d086b6a7a7e05cffc30c0b3be50720839909.txt",
		"img": "https://archive.orkl.eu/dce0d086b6a7a7e05cffc30c0b3be50720839909.jpg"
	}
}