Ongoing: Cyberattack potentially compromises Illini Media Company’s employee data

The+University+YMCA+and+Illini+Media+Company+is+located+at+1001+S.+Wright+St.+IMC+was+hit+with+a+cyberattack+Tuesday+morning.+

Kenyon Edmond

The University YMCA and Illini Media Company is located at 1001 S. Wright St. IMC was hit with a cyberattack Tuesday morning.

By Samantha Boyle and Matt Troher
February 17, 2021

Tuesday morning, the Illini Media Company was hit with a cyberattack that potentially compromised employee data. 

The cyberattack utilized ransomware, a form of malware that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. 

IMC was notified that hackers had broken into the servers on Feb. 16. While the attack halted print publication for the Daily Illini, WPGU remained on the air. The Daily Illini plans to return to their previous print publication schedule by Monday, Feb. 22.

This is not the first incident of this sort. In early January, IMC was hit with an attack. The DI was only publishing online at the time and IMC was able to start restoring files. The attack on Tuesday was much larger and the IMC has had less time to react.

IMC staff suspects that these two attacks are related, but there is no way to verify that.

Get The Daily Illini in your inbox!

  • Catch the latest on University of Illinois news, sports, and more. Delivered every weekday.
  • Stay up to date on all things Illini sports. Delivered every Monday.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Thank you for subscribing!

Colleges and universities have been targeted in similar cyberattacks over the past few months. Since June, large public universities such as Michigan State University, The University of Utah, and University of California, San Francisco were all targeted by ransomware attacks. UCSF made headlines by agreeing to pay the ransom, a total of $1.14 million, to recover their files. Other schools, such as Michigan State, refused to pay the ransom.

When a ransomware attack occurs, there is no way to determine whether the hackers will uphold their side of the deal in the event the ransom is paid. Alexa Helvia, an IT worker who has an interest in cybersecurity, emphasized how paying the ransom may not result in the victim obtaining back their data.

“When they try to charge you money to get (your files) back, they may or may not actually give them back to you,” Helvia said. “At that point, it’s really up to their moral compass. There are probably some cases where paying will give you some of your files back, but I would have no way of saying how common that is.”

While ransomware attacks have occurred at numerous higher education institutions, there have been no prior records of a collegiate media company being targeted. 

Bob Heren, a Senior Cybersecurity Analyst with the University’s Technology Services, speculates that institutions that handle personal information, such as higher education institutions and places of employment, are targets for ransomware attacks. 

“Any type of data that a victim would value is something that hackers would be interested in,” Heren said in an emailed statement. “They are often especially interested in financial information, trade secrets, and health data, because those will make the victim most likely to be scared or desperate enough to pay the demanded ransom.”

Illini Media staff has been in contact with law enforcement and malware companies to discuss possible options going forward.

The DI released a statement on social media Tuesday afternoon announcing the attack and the halt in print publication.

The statement, released on Twitter, Facebook and Instagram, stated that the attack also may inhibit publications after this Thursday’s planned paper.

IMC includes Illio Yearbook, The DI and WPGU.

This is a developing story. Please check The Daily Illini for further updates. 

[email protected] 

[email protected]