Ransomware has moved from targeting hospitals to targeting universities. According to SentinelOne, six out of ten British universities have fallen victim to crypto virus attacks. The security firm has sent a FOI (Freedom of Information) request to 71 higher educational institutions across the UK.
Interestingly, 13 universities have refused to address the request, guided by the fact that participation would hurt their commercial interests.
FOI Results: 63% of the Universities Have Been Attacked by Ransomware
56% admit that they have been attacked by a crypto virus over the past year. What is more troubling is that a single university, the Bournemouth University, has admitted to being attacked 21 separate times throughout the course of the year!
The Bournemouth University has revealed that the attackers demanded a ransom in the size of $100. The University of Bath was extorted for 2 Bitcoin ($1,315), and the Brunel University and Bath Spa University were asked to pay 5 Bitcoin ($3288) in exchange for the decryption of their data.
Two major educational facilities admitted to not having any antivirus protection (Oxford and Kings College London). Nonetheless, even universities with reported AV software have suffered crypto virus attacks.
None of the universities approached by SentinelOne admitted to paying a ransom. The amount of demanded ransom varied from £77 to £2299 (5 bitcoins). Brunel is the only university that had the crime reported to the police. The rest of the universities chose to face the situation internally.
The highest ransom paid by a university was reported in Canada. The story goes that the University of Calgary paid $15,500 to recover encrypted data on their computers.
It is clear that public authorities are increasingly primary targets for ransomware attacks. Earlier this year another FOI request revealed that 30% of UK councils were the victims of ransomware.
Why Is Ransomware Targeting Universities?
Recent ransomware attacks all have something in common. Most of them are no longer targeting users on a random basis. Ransomware operators have embraced a new approach – they have moved from aggressive spam campaigns to targeted attacks aiming at major institutions. These attacks are typically triggered by spear phishing, RDP attacks or by compromising a single PC within the particular institution’s network.
It’s logical why attackers prefer large organizations over regular home based users. The first are much more likely to be willing to pay a larger ransom.
What does all of this mean? Major organizations can no longer afford functioning without appropriate protection. AV software is a must as well as stable backup software. SentinelOne’s research shows that universities (in the UK but possibly elsewhere) are negligent about their security. In order for the damage of ransomware and malware to be minimized, precautionary measures must be at the right place.