Ransomware in the Education Sector
Waiting for a Ransomware Attack Will Cost You Big
University of California Ransomware Attack: It has been reported that the University of California, San Francisco has payed a staggering $1.14m ransom to criminal gang Netwalker, following a devastating ransomware attack against its School of Medicine earlier this month.
Paid to regain access to valuable research, the California university’s ransomware negotiation with the criminal gang was observed by BBC News following a tip-off from an anonymous source, likely inside the university.
Cost of Ransomware Attacks
With negotiation opening at £780,000, the eventual sum was arrived at via a dark-web-based customer service-style website belonging to the ransomware gang.
Having paid the ransom in the form of 116.4 bitcoin, a statement from the university noted that “the data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million.”
“The Growing Use of Malware”
Adding, “This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education.”
The gang behind the University of California Ransomware Attack, Netwalker, is thought to be connected with at least two other university ransomware attacks in the past two months alone. The costs of the other attacks remain unknown.
Defending Against Ransomware Attacks
With barely a week passing without a ransomware attack hitting the headlines (as well as many more going unreported), there has never been a more important time for organisations to focus on information security and start defending themselves against attacks, such as ransomware.
As the cost of paying a ransom grows to over $1.4m, paying cyber-criminals and hackers to decrypt vital data is no guarantee of having your access restored, in fact, 22% of payees never regain access to their information.
Minimising Human Error
Rather than waiting for an attack to happen, the best form of response is an active and robust defence of your information and data, and a genuine investment in your human capital.
Though there are many technological solutions that can help defend against viruses, malware and ransomware attacks, around 94% of all malware is delivered by email; requiring a user to make a simple and avoidable mistake.
Human error plays an integral role in many information security incidents and breaches, regularly costing companies significant amounts in not only ransoms and other direct costs, but in productivity and reputation alike.
Hut Six’s comprehensive solution to human error, trains, tests and tracks your employee’s security awareness.
Delivered every two weeks, Hut Six tutorials focus on current threats; covering key topics including insider threat, encryption, password security and GDPR.
As well as this, our phishing simulation and feature rich reporting, not only helps safeguard your business, but also shows you where your strengths and weaknesses lie; giving you the information you need to improve.
With real-world case studies, relatable scenarios and an advanced phishing simulator, you can help instil a secure culture mindset, at all levels of your organisation, with Hut Six training.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
What is the Purpose of the Data Protection Act? Blog by information security awareness training solution provider Hut Six Security.
Top 3 Remote Work Security Lessons: remote work security blog by information security awareness provider Hut Six Security.
Who Regulates the Data Protection Act? Data Protection Blog by Information Security Awareness Training provider Hut Six Security
NHS phishing attack sees email accounts compromised as part of an attack targeting a wide range of organisations Blog by Hut Six Security.
Who Enforces the Data Protection Act? Principles, Protections and Penalties. Blog by Information Security Awareness Training provider Hut Six Security.
How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.
Who Does the Data Protection Act Apply to? Blog by Information Security Awareness Training and phishing simulator provider Hut Six Security
What Social Engineering Methods do attackers use to get your personal information? Blog by Information Security Awareness Training provider Hut Six Security
What Year Was the Data Protection Act Introduced? - 2018, however it has seen some changes as enforcements have increased.
How Does the Data Protection Act Protect your Rights? Blog by information security awareness training provider Hut Six Security.