A little while ago, I wrote on this blog about the threat that the form of malware known as Ransomware poses to our online security. Now I want to focus on the particular threat that Ransomware poses to universities.
I’m thinking of a recent case in which one prominent university fell victim to this menace, with worrying results. When the Ransomware infection hit the university in question, it locked down exam results shortly before they were due to be announced. No decrypter could be found for the specific infection, but the university had, fortunately, digitally backed up all of its exam results by recording them on Excel spreadsheets. This allowed the administration to painstakingly reconstruct the locked-down results, but the announcement of those results was delayed for almost one month.
Backing up or Backing Down?
Depending on I.T. and administrative procedures, the consequences of Ransomware attacks can vary widely from one university to another. A recent attack on the University of Calgary in Alberta, for example, compelled that institution’s authorities to pay a ransom of $20,000 to have their computer systems’ files decrypted. The ransom had to be paid simply because the university had failed to properly back up its data. This must be one of the most expensive lessons ever learned at any university.
Securing the University in a Risky Environment
Unfortunately, the bigger picture is worrying. Ransomware threats are constantly increasing in number and becoming ever more sophisticated. What should our universities do to avoid getting “system infected” warnings due to Ransomware activity? One highly recommended precaution is to use automated and isolated backup mechanisms, together with an Intrusion Detection System (IDS) both at the network level and for critical assets. An IDS is a powerful resource in the battle against Ransomware, because it provides specific insights into any potential threat. The AlienVault Unified Security Management (USM) platform may be especially desirable, because it has a built-in IDS with SIEM (security information and event management) and real-time threat intelligence. Both of these features can help in the rapid detection of Ransomware and other threats.