Home > Ransomware > 63% of UK Universities Attacked by Ransomware, FOI Request Reveals

63% of UK Universities Attacked by Ransomware, FOI Request Reveals


Ransomware has moved from targeting hospitals to targeting universities. According to SentinelOne, six out of ten British universities have fallen victim to crypto virus attacks. The security firm has sent a FOI (Freedom of Information) request to 71 higher educational institutions across the UK.

Did you know? The Freedom of Information Act 2000 provides public access to information held by public authorities in two ways:

  • public authorities are obliged to publish certain information about their activities;
  • members of the public are entitled to request information from public authorities.

Interestingly, 13 universities have refused to address the request, guided by the fact that participation would hurt their commercial interests.

FOI Results: 63% of the Universities Have Been Attacked by Ransomware

56% admit that they have been attacked by a crypto virus over the past year. What is more troubling is that a single university, the Bournemouth University, has admitted to being attacked 21 separate times throughout the course of the year!

The Bournemouth University has revealed that the attackers demanded a ransom in the size of $100. The University of Bath was extorted for 2 Bitcoin ($1,315), and the Brunel University and Bath Spa University were asked to pay 5 Bitcoin ($3288) in exchange for the decryption of their data.

Related: Bitcoin and Ransomware, Chicken or the Egg

Two major educational facilities admitted to not having any antivirus protection (Oxford and Kings College London). Nonetheless, even universities with reported AV software have suffered crypto virus attacks.

None of the universities approached by SentinelOne admitted to paying a ransom. The amount of demanded ransom varied from £77 to £2299 (5 bitcoins). Brunel is the only university that had the crime reported to the police. The rest of the universities chose to face the situation internally.

The highest ransom paid by a university was reported in Canada. The story goes that the University of Calgary paid $15,500 to recover encrypted data on their computers.

It is clear that public authorities are increasingly primary targets for ransomware attacks. Earlier this year another FOI request revealed that 30% of UK councils were the victims of ransomware.

Why Is Ransomware Targeting Universities?

Recent ransomware attacks all have something in common. Most of them are no longer targeting users on a random basis. Ransomware operators have embraced a new approach – they have moved from aggressive spam campaigns to targeted attacks aiming at major institutions. These attacks are typically triggered by spear phishing, RDP attacks or by compromising a single PC within the particular institution’s network.

It’s logical why attackers prefer large organizations over regular home based users. The first are much more likely to be willing to pay a larger ransom.

What does all of this mean? Major organizations can no longer afford functioning without appropriate protection. AV software is a must as well as stable backup software. SentinelOne’s research shows that universities (in the UK but possibly elsewhere) are negligent about their security. In order for the damage of ransomware and malware to be minimized, precautionary measures must be at the right place.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share