Ransomware in the Education Sector

Waiting for a Ransomware Attack Will Cost You Big

University of California Ransomware Attack: It has been reported that the University of California, San Francisco has paid a staggering $1.14m ransom to criminal gang Netwalker, following a devastating ransomware attack against its School of Medicine earlier this month.

Paid to regain access to valuable research, the California university’s ransomware negotiation with the criminal gang was observed by BBC News following a tip-off from an anonymous source, likely inside the university.

Cost of Ransomware Attacks

With negotiation opening at £780,000, the eventual sum was arrived at via a dark-web-based customer service-style website belonging to the ransomware gang.

Having paid the ransom in the form of 116.4 bitcoin, a statement from the university noted that “the data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million.”

“The Growing Use of Malware”

The statement added, “This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education.”

The gang behind the University of California Ransomware Attack, Netwalker, is thought to be connected with at least two other university ransomware attacks in the past two months alone. The costs of the other attacks remain unknown.

Defending Against Ransomware Attacks

With barely a week passing without a ransomware attack hitting the headlines (as well as many more going unreported), there has never been a more important time for organisations to focus on information security and start defending themselves against attacks such as ransomware.

As the cost of paying a ransom grows to over $1.4m, paying cyber-criminals and hackers to decrypt vital data is no guarantee of having your access restored. In fact, 22% of payees never regain access to their information.

Minimising Human Error

Rather than waiting for an attack to happen, the best form of response is an active and robust defence of your information and data, and a genuine investment in your human capital.

Though there are many technological solutions that can help defend against viruses, malware and ransomware attacks, around 94% of all malware is delivered by email, requiring a user to make a simple and avoidable mistake.

Human error plays an integral role in many information security incidents and breaches, regularly costing companies significant amounts in not only ransoms and other direct costs, but in productivity and reputation alike.

Hut Six’s comprehensive solution to human error trains, tests and tracks your employees’ security awareness.

Delivered every two weeks, Hut Six tutorials focus on current threats, covering key topics including insider threat, encryption, password security and GDPR.

As well as this, our phishing simulation and feature-rich reporting not only help safeguard your business, but also show you where your strengths and weaknesses lie, giving you the information you need to improve.

With real-world case studies, relatable scenarios and an advanced phishing simulator, you can help instil a secure culture mindset, at all levels of your organisation, with Hut Six training.
