Locked Out – Ransomware in Higher Education

There is a reason why just uttering the word ‘ransomware’ can make a person’s blood run cold. The impact of ransomware is immediate and potentially long-lasting. Once infected, either the device itself is locked or all files on a machine, across a connected network, on external drives, and even out into Cloud storage are encrypted. This means those files are locked. You can’t open them, they are essentially useless.

Paying the ransom, which is often from few hundred to many tens of thousands of dollars worth of bitcoin, also doesn’t mean that the promised decryption code is delivered. The FBI stated that “Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom.“

Ransomware is not always just about the money. The WannaCry ransomware attack was a major, global infection, but brought in a relatively small amount of money – around $143,000. However, the impact of the infection itself caused mayhem and disruption across the world. Infected computers in hospitals, for example, prevented drugs being dispensed and put operations on hold. In China, 4,300 educational establishments were infected by WannaCry, with students losing experimental data, theses being lost, and general disruption throughout the affected institutions.

Why is Ransomware Increasingly Affecting the Education Sector?

Ransomware is not a static threat. It is growing by leaps and bounds. Between 2016 and 2017 Ransomware attacks doubled, and look set for another dramatic increase in 2018. However, the education sector is becoming a focused target for the threat. Ransomware strains such as Defray are being used specifically against education in the UK and US. Many high profile cases have viscerally demonstrated the financial impact and disruption of ransomware within the sector. The University of Calgary was a recent such victim, paying $20,000 to decrypt affected files and get the university back to normal operation. Another victim was LA College District who ended up paying $28,000 in ransom money. It has been estimated by analysts BitSight that education is the most targeted sector, with 13% of educational establishments in 2016 experiencing a ransomware attack

Higher Education has a unique attack surface. The IT systems provide a critical infrastructure for the establishment. They need to be able to accommodate a wide demographic of students and employees who need remote access across multiple device types. Educational IT systems also must accommodate modern social media platforms and fluid, Cloud-based, content sharing. In addition Higher Education has a high concentration of intellectual property and sensitive information – not only student and employee personal data but research data and data that may have commercial sensitivity. All of this provides ripe pickings for the cybercriminal and the perfect storm for infection.

Share This
Contact Us Today!