63 percent of UK universities have been hit by ransomware – most of them multiple times, and Bournemouth University a total of 21 times in the last year, SentinelOne has found.
The company has filed Freedom of Information requests for 71 UK universities, and 58 replied. Their answers were enough to paint this picture:
- The overwhelming majority of them use antivirus solutions, but they have failed to block the ransomware
- Only Brunel university contacted law enforcement when it got hit
- Unlike the University of Calgary, and over half of CISOs of UK businesses, none of them paid the ransom (which, according to SC Magazine UK, ranged between £77 and £2,299)
That will come as a surprise to no-one, as healthcare organizations became primary ransomware targets after the attackers realized they will pay bigger sums that individual users in order to get their data back.
Businesses – no matter where they are located and what industry they are in – also make great targets. Sometimes, the attackers will use other malware to check whether it’s worth to deploy ransomware on a target business’ network.
“The ransomware criminal business model has achieved a lot success because often the cost of decrypting the files by ransom is seen as more cost effective and less time consuming than restoring from a backup, if indeed backups exist. This is especially the case in organisations like universities and NHS trusts whose operations rely on critical data,” David Kennerley, Director of Threat Research at Webroot, told Help Net Security.
“Ransomware is a crime, and victims should report it to the relevant authorities as they would a robbery. It is also not guaranteed that the attacker will restore the affected files, while paying any ransom only highlights the poor security posture of the affected organisation and encourages further attacks.”
“Keeping personal data safe is incredibly important, especially for organizations such as the NHS and educational institutions. While it’s true that the NHS moved slower digitally than other sectors, with the main reason cited for the lack of connectivity being concerns around security, this hasn’t made them less of a target, and so NHS Trusts and universities need to be vigilant in the war against cybercrime,” noted Rob Wilkinson, Head of Public Sector at Smoothwall.
“These organisations must adapt to the connect age and it’s the responsibility of everyone in the IT and security industry to assist the organisation in this. Keeping everything secure will be a major challenge which will require the help of having a robust security strategy in place. It will be essential that they start with the basics. Beginning with a firewall, encryption and good security software. If companies have those measures in place and continue to layer on top of that with multiple providers to create iron clad layers of security, then it will reduce the chances of attacks such as these from occurring in the future.”
Ransomware is lucrative, low-risk and easy to use, and until one of those first two characteristic changes, it will continue to pose a big threat to (essentially) everyone.
Law enforcement and the security industry are trying to fight the threat in various ways, but the best way IT pros can keep their organizations is to keep well informed, implement best practices, and several defense layers.