Higher education has been targeted by the booming business of ransomware. Ransomware is “…computer malware that installs covertly on a victim’s computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to restore it. Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requiring payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them” (2016, Wikipedia).
Here is some general information of interest:
- “Ransomware is really profitable, there is very little risk, and you don’t have to resell the data anywhere. It’s pure profit.”
- The Symantec Security Response group has seen a 300% increase in ransomware attacks in 2016 over 2015.
- Per the FBI, ransomware is on pace to be a $1 billion business in 2016.
- Ransomware initially targeted average home users but is shifting to corporate users, who can both afford to pay higher ransoms and are less likely to be able to weather a complete loss of their systems.
- Attackers are targeting specific areas such as education, healthcare, and emergency services like police and EMS.
Tips for businesses and consumers
- New ransomware variants appear on a regular basis. Always keep your security software up to date to protect yourself against them. [DoIT is responsible for DSA managed workstations]
- Keep your operating system and other software updated. Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers. [DoIT is responsible for DSA managed workstations]
- Email is one of the main infection methods. Delete any suspicious-looking email you receive, especially if it contains links and/or attachments. [DSA users are responsible]
- Be extremely wary of any Microsoft Office email attachment that advises you to enable macros to view its content. Unless you are absolutely sure that this is a genuine email from a trusted source, do not enable macros and instead immediately delete the email. [DSA users are responsible]
- Backing up important data is the single most effective way of combating ransomware infection. Attackers have leverage over their victims by encrypting valuable files and leaving them inaccessible. If the victim has backup copies, they can restore their files once the infection has been cleaned up. [DoIT and DSA users are responsible]
The average user
In cybersecurity, people are considered the weakest link. They are also both the most abundant resource and the most susceptible target. Users who are easily pressured or who are not fluent in technical solutions to ransomware are the most viable targets.
Individual users are targeted because in the digital era, much of our knowledge, work, and personally valuable objects (photos, music, etc.) are stored on whatever Internet-enabled device we rely on.
DHS and the Multi-State Information Sharing and Analysis Center warn that cyberattacks against law enforcement, fire departments, and other emergency services are increasing. Organizations such as these, for whom lost access to systems could cost lives, are juicy targets for ransomware threat actors.
Around Feb. 5, 2016, systems belonging to the Hollywood Presbyterian Hospital Medical Center were infected with the Locky ransomware. After 10 days, the administration paid attackers 40 Bitcoins ($17,000) to release the systems. Later that week, five computers belonging to the Los Angeles County health department were infected with a ransomware variant. The health department refuses to pay the ransom and will restore its systems from backups. Similarly, two hospitals in Germany were infected with ransomware at roughly the same time as Hollywood Presbyterian Medical Center.
Ransomware threat actors may target administrative systems at lower and higher education institutions. General education systems are more likely to be disrupted by a ransomware attack, though colleges and universities are more likely to have funds sufficient to pay a sizable ransom.
In February 2016, at least two primary school districts were targeted with crypto ransomware. Horry County school district in South Carolina paid $8,500 to decrypt their 25 servers after an FBI investigation yielded no alternative action.