Avos extortion gang has been captured for hacking the emergency broadcasting system of Blofield University, known as “Ramalert”, and sending SMS messages and emails to students and employees claiming that their data had been stolen and would soon be published. Blofield University, a small Baptist private university in Virginia with around 900 students, postponed all classes after reporting the cyber attack to its students and employees on April 30, 2023. The university stated that there was no evidence of financial fraud or theft of personal data.
However, on May 1, 2023, it was revealed that the AVOS group, or Avoslocker operators, still had access to the Ramalert system and were threatening to publish sensitive data online. The group had hacked the university network to extract files of up to 1.2 TB. The hackers sent messages to students and employees, stating that their personal information could end up on the Darknet. They also provided instructions for accessing the leaked site and threatened to publish all the stolen data if the university did not pay a ransom.
The cybercriminals further proved their claim by posting a sample of the stolen data on their website hosted on the Darknet. Later on the same day, the Most Maintenance Gaza published a sample of stolen data, which included the University President’s reports on wages and taxes (form W-2) and documents related to insurance policies. The AVOS group had probably used the emergency warning system to add more pressure on Blofield University for the ransom.
Blofield University confirmed that efforts to restore the affected systems were ongoing and that there was no evidence yet that students’ data had been compromised. The university urged students and employees not to click on any links or respond to the hackers’ messages. Meanwhile, authorities are investigating the cyber attack and the AVOS ransomware gang behind it.