LockBit cancels Mercyhurst University from its website: ransom paid?


At the expiry of the ultimatum imposed by LockBit 2.0 (LockBit), RESPONSIBLE FOR THE CYBER ATTACK ON THE IT SYSTEMS OF MERCYHURST UNIVERSITY IN ERIE, PENNSYLVANIA, it would be just under 5 hours but on the website of the ransomware group the name of the university has already been removed. LockBit had set the deadline for the payment of the ransom at 7:33 pm today May 22.

When does a ransomware group remove a victim’s name from their list?

There are generally two cases:

When a victim’s name is confused with another entity’s name, and it’s a mistake a ransomware group makes frequently
the victim, to avoid the publication of their data, decides to pay the ransom

SuspectFile.com has good reason to believe that LockBit got what it wanted and that to avoid the publication of data exfiltrated from its IT systems, Mercyhurst University has decided to pay the ransom.

After our May 17 article was published, the Erie News Now website also posted the news.

LockBit cancels Mercyhurst University from its website: ransom paid? 1

In the first part of the Erie News Now article we read that “in a message sent on Monday”, a message that neither SuspctFile.com nor DataBreaches.net have been able to find, the University President Dr. Kathleen Getz confirms the ransomware attack and the possible loss of data to the detriment of both students and employees of Mercyhurst.

Several Mercyhurst University servers were recently hit by ransomware, president Dr. Kathleen Getz said in a message sent Monday.

The attack affects both students and employees, Getz said. Multiple sources told Erie News Now the ransomware is impacting grades and financial aid.

Dr. Getz further states that

Officials are working with third-party forensic specialists to investigate the source of the issue, determine the impact on its systems and get everything back to normal as soon as possible

Statements that we have been able to read in dozens of other circumstances similar to this one and that fall within a “pre-packaged communication standard” used in cases of ransomware-type cyber attacks.

As DataBreaches.net reports in its article, the Pennsylvania Senate recently passed a bill banning the use of taxpayers’ money to pay a ransom.

A ban that would not apply in some cases:

  • if the Governor of Pennsylvania agrees to pay the ransom
  • in case the victim affected is a private entity

remember that Mercyhurst is a private university.

This morning, before the publication of this article, SuspectFile.com sent yet another e-mail in the hope (unfounded …) of a comment on the affair and on the recent developments.

This time the email was sent directly to Erie News Now and for information (more should increase the rate of a possible reply …) to Dr. Debbie Morton (Head of Contact Media Relations at Mercyhurst University), Dr. Scott MacDowell (News Director of Erie News Now) and Dr. Molly Somora (Reporter for Erie News Now).