Ransomware in the Education Sector

Waiting for a Ransomware Attack Will Cost You Big

University of California Ransomware Attack: It has been reported that the University of California, San Francisco has payed a staggering $1.14m ransom to criminal gang Netwalker, following a devastating ransomware attack against its School of Medicine earlier this month.

Paid to regain access to valuable research, the California university’s ransomware negotiation with the criminal gang was observed by BBC News following a tip-off from an anonymous source, likely inside the university.

Cost of Ransomware Attacks

With negotiation opening at £780,000, the eventual sum was arrived at via a dark-web-based customer service-style website belonging to the ransomware gang.

Having paid the ransom in the form of 116.4 bitcoin, a statement from the university noted that “the data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million.”

“The Growing Use of Malware”

Adding, “This incident reflects the growing use of malware by cyber-criminals around the world seeking monetary gain, including several recent attacks on institutions of higher education.”

The gang behind the University of California Ransomware Attack, Netwalker, is thought to be connected with at least two other university ransomware attacks in the past two months alone. The costs of the other attacks remain unknown.

Defending Against Ransomware Attacks

With barely a week passing without a ransomware attack hitting the headlines (as well as many more going unreported), there has never been a more important time for organisations to focus on information security and start defending themselves against attacks, such as ransomware.

As the cost of paying a ransom grows to over $1.4m, paying cyber-criminals and hackers to decrypt vital data is no guarantee of having your access restored, in fact, 22% of payees never regain access to their information.

Minimising Human Error

Rather than waiting for an attack to happen, the best form of response is an active and robust defence of your information and data, and a genuine investment in your human capital.

Though there are many technological solutions that can help defend against viruses, malware and ransomware attacks, around 94% of all malware is delivered by email; requiring a user to make a simple and avoidable mistake.

Human error plays an integral role in many information security incidents and breaches, regularly costing companies significant amounts in not only ransoms and other direct costs, but in productivity and reputation alike.

Hut Six’s comprehensive solution to human error, trains, tests and tracks your employee’s security awareness.

Delivered every two weeks, Hut Six tutorials focus on current threats; covering key topics including insider threat, encryption, password security and GDPR.

As well as this, our phishing simulation and feature rich reporting, not only helps safeguard your business, but also shows you where your strengths and weaknesses lie; giving you the information you need to improve.

With real-world case studies, relatable scenarios and an advanced phishing simulator, you can help instil a secure culture mindset, at all levels of your organisation, with Hut Six training.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.

Featured

Purpose of the Data Protection Act

What is the Purpose of the Data Protection Act?

What is the Purpose of the Data Protection Act? Blog by information security awareness training solution provider Hut Six Security.

InfoSec Round-Up: June 26th 2020

InfoSec Round-Up: June 26th 2020 - Hut Six

Police Data Leak, Facial Recognition Tech & Twitter Breach: InfoSec Round-Up, June 26th, 2020

Remote Working Security

Top 3 Remote Work Security Lessons

Top 3 Remote Work Security Lessons: remote work security blog by information security awareness provider Hut Six Security.

Data Protection Act Regulators

Who Regulates the Data Protection Act?

Who Regulates the Data Protection Act? Data Protection Blog by Information Security Awareness Training provider Hut Six Security

InfoSec Round-Up: June 19th 2020

InfoSec Round-Up: June 19th 2020 - Hut Six

Dating App Leak, Norwegian Tracing App and Security Camera Flaw – Infosec Round-Up, June 19th, 2020

NHS Phishing Attacks

NHS Email Accounts Compromised in Phishing Attack

NHS phishing attack sees email accounts compromised as part of an attack targeting a wide range of organisations Blog by Hut Six Security.

Data Protection Act Enforcers

Who Enforces the Data Protection Act?

Who Enforces the Data Protection Act? Principles, Protections and Penalties. Blog by Information Security Awareness Training provider Hut Six Security.

InfoSec Round-Up: June 12th 2020

InfoSec Round-Up: June 12th 2020 - Hut Six

Tax Refund Scams, Zoom Encryption and Fake Ransomware Decryptor – Infosec Round-Up, June 12th, 2020

How to improve your password security

How Secure is Your Password Process?

How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.

Data Protection Act Updates to Coverage

Who Does the Data Protection Act Apply To?

Who Does the Data Protection Act Apply to? Blog by Information Security Awareness Training and phishing simulator provider Hut Six Security