em360tech image

The Cambridge University Press & Assessment (CUPA) announced on Thursday that they are grappling with technical disruptions following a cyber attack.

The notorious INC Ransomware group has claimed responsibility for the breach, employing a double extortion strategy—encrypting CUPA’s data and threatening to disclose it publicly if a ransom isn't paid.

A spokesperson for CUPA stated, "We recently experienced a cybersecurity incident affecting a part of our publishing operation. We took immediate action by taking some systems offline as a precaution and engaging external IT and forensic experts to investigate."

Despite the disruption, CUPA reassures that most of its external customer-facing platforms remain operational, and the current exam series is unaffected.

“The majority of our external customer-facing platforms are functioning normally, and there has been no impact on the current exam series. We are aware that a ransomware group has claimed that data relating to our organization has been published online”

This cyber attack is the latest in several incidents affecting Cambridge institutions this year. Earlier, the Medical School, University Library, and University servers experienced separate attacks. It remains unclear whether this recent breach is connected to the previous incidents.

What is CUPA?

CUPA is a prestigious institution renowned globally for its contributions to academic publishing and educational assessments. As the publishing arm and academic department of the University of Cambridge, CUPA has a storied history and a significant global presence.

With offices in over 40 countries, it is one of the oldest publishing institutions in the world. CUPA generates an impressive annual revenue of $558.4 million. The institution handles a vast volume of sensitive data, making it a prime target for cyberattacks.

Despite the disruption, the majority of CUPA's external customer-facing platforms are functioning normally, and there has been no impact on the current exam series. "We are aware that a ransomware group has claimed that data relating to our organization has been published online. We are working with external experts and authorities, including the UK’s National Cyber Security Centre, to investigate this matter thoroughly," stated a CUPA spokesperson.

Who is INC Ransomware?

INC Ransomware is a highly sophisticated cybercriminal group that has gained popularity for its strategic and targeted attacks. Formed in August 2023, this group meticulously selects its victims, often targeting organisations with significant financial resources and vast amounts of sensitive data.

Their approach typically involves double extortion—encrypting the victim’s data and then threatening to publicly disclose it unless a ransom is paid.

The INC Ransomware group took responsibility for the cyberattack on Cambridge University Press & Assessment (CUPA). They have claimed to have stolen sensitive documents, including supplier invoices, service contracts, and other confidential correspondence.

To prove their claims, they published this stolen information on their disclosure page at the end of June. The page included detailed invoices, service contracts, internal financial information, and corporate correspondence, all aimed at pressuring the victim into paying the ransom.

cambridge-university-cyber-attack

CUPA dark web page

INC Ransomware’s ability to breach well-protected organisations and its methodical approach to extortion have made it a formidable threat in the cybersecurity landscape.

Their actions underscore the urgent need for robust cybersecurity measures across all sectors, highlighting the importance of proactive defences, regular security audits, and comprehensive incident response plans.

As ransomware threats continue to evolve, staying informed and prepared is crucial for safeguarding sensitive data and maintaining organisational integrity.

What are the Implications of the CUPA Cyberattack?

The compromise of CUPA's data represents a serious threat to the publishing house and the millions of individuals and institutions that rely on its services.

The dissemination of sensitive information could have devastating consequences for CUPA's reputation, consumer trust, and the security of personal information.

This incident also highlights the growing threat posed by groups like INC Ransomware. Companies, especially those managing large amounts of sensitive data, must be prepared to respond quickly and effectively to such attacks to protect their data and maintain the trust of their customers. Implementing proactive defences, conducting regular security audits, and having comprehensive incident response plans are essential steps in mitigating the risks.

The attack on CUPA serves as a stark reminder of the dangers of cybercrime. Only through adequate preparation and rapid response can the devastating effects of such intrusions be mitigated.

Organisations must invest in cybersecurity infrastructure, employee training, and collaboration with cybersecurity experts to stay ahead of these evolving threats.

The CUPA cyberattack is a wake-up call for all sectors to bolster their cybersecurity defences. As ransomware threats continue to grow in sophistication and frequency, staying informed and prepared is crucial for safeguarding sensitive data and ensuring organisational resilience.

By learning from incidents like this, companies can better protect themselves and their stakeholders from the ever-present dangers of cybercrime.

Latest Update 

technical disruption in Cambridge latest update

A month ago, Cambridge University issued a crucial update on its website addressing the incident. The university reported that they acted swiftly to contain the breach and minimise its impact. As a precautionary measure, some systems were temporarily taken offline, but most customer-facing platforms remained operational, and the exam series was unaffected. 

The university also acknowledged claims that data had been published online and assured the public that they had taken appropriate action. Cambridge University collaborated with external experts and authorities, including the UK's National Cyber Security Centre, to investigate the breach. 

To this day, the investigation is complex and will take time to complete. However, the university committed to providing further information and updates as the situation developed.