Ransomware in Higher Education

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

Last year, cyber criminals honed in on colleges and universities drastically increasing the number of ransomware attacks. In 2018, the average ransomware demand was less than $10,000. Fast forward to the present time and the demands are well into the millions. 

While the FBI has warned against paying ransoms, some colleges and universities have made payments out of fear of having valuable data leaked to the dark web. 

During a ransomware attack, cyber criminals infiltrate the organization’s systems, block access,  encrypt data, and make it nearly impossible to regain access to the data. In higher education, hackers will threaten to release confidential information belonging to the institution itself or its students. Because colleges and universities keep highly sensitive student data, such as addresses, social security numbers, and birthdates, they have become a prime target, far surpassing other industries.

Formerly, the masterminds behind these awful extortions were incredibly tech-savvy individuals who were well versed in cyber crimes. However, with recent developments in technology, ransomware marketplaces sell malware to just about anyone willing to pay the price. Furthermore, since the hackers are requesting payments using anonymous cryptocurrency, local law authorities, and even the FBI, have had difficulty tracing the money and locating the criminals responsible for these crimes.

To safeguard against ransomware, train staff and students to recognize ransomware and its devastating effects. Have all users operate on a zero trust policy, which means to verify explicitly and always assume a security breach rather than giving the benefit of the doubt. Additionally, restricting user access to the information necessary to perform tasks is an added security measure worth implementing. Other protections include, but are not limited to, using multi-factor authentication, safely surfing the web, backing up your data, and then safely securing the backup.

- Additional information on this topic to follow.