Ransomware attacks universities

Why are ransomware attacks on universities increasing?

Cyberthreats such as phishing and ransomware are not typically part of the usual curriculum, but perhaps they should be. Around the globe, cyberattacks on universities are becoming more frequent and more sophisticated. Each year, hundreds of universities report being hacked, and the number continues to grow. For example, in the last decade, over 25% of all UK universities have been victims of ransomware attacks, with most incidents occurring within the last five years.    

Limited budgets for IT staff and outdated technological infrastructure, as well as a lack of awareness, make universities easy targets for hackers. But what exactly do cybercriminals stand to gain from exploiting these networks? Let’s take a closer look at some of the most recent attacks before outlining how and why universities fall victim to hacking and ransomware attacks.   

Recent ransomware attacks on universities 

This July, the BBC reported at least ten universities in the US, UK, and Canada had students and/or alumni data stolen after hackers carried out a targeted ransomware attack on Blackbaud, one of the world’s largest providers of education administration and other software. One of the schools that confirmed the attack, the University of York, stated the stolen data included names, gender, dates of birth, addresses, and contact details, along with phone numbers and email addresses. More recently, Newcastle University suffered major data leaks and disruption of their network and IT systems due to a breach by DoppelPaymer ransomware operators.

Across the pond in the United States, the University of Utah paid almost half a million dollars to a ransomware gang to prevent them from leaking student data. Signs point to the NetWalker gang being behind the attack. This same gang has already been found responsible for three other incidents: one at Columbia College in Chicago, Michigan State University (no ransom was paid), and the University of California San Francisco (UCSF). 

Its June 1st attack on the University of California San Francisco (UCSF) wound up extorting $1.14 million from the leading medical-research institution. Despite the IT team’s attempt to hurriedly unplug computers to stop the attack, it came to an end through the university’s secret negotiations with the NetWalker gang via a live chat on the Dark Web. Once UCSF had transferred the bitcoins to Netwalker’s electronic wallets, they received decryption software to restore all encrypted data. 

However, it’s not always a ransomware attack. This year, successive cyberattacks shut down European supercomputers that numerous academic institutions were using to work on Covid-19 research. Mining malware was found on affected servers, suggesting hackers were attempting to steal system power to mine cryptocurrency. This points to the attack being motivated by financial gain rather than targeting sensitive data.    

What are cybercriminals after? 

For starters, universities have vast databases on thousands of students and faculty, which can include items of great interest to cybercriminals. This includes personal information like names, birth dates, telephone numbers, and email addresses, as well as financial recordsBut some of the data stored in university databases can be of even more value. 

Cutting-edge research takes place at universities, and the theft, manipulation, or destruction of this data can be enough motivation for hackers. For example, data might include highly sensitive information relating to research, patents, or other intellectual property. Threat actors know that stealing or accessing this kind of data means an even bigger likelihood a university will pay a high ransom to ensure the data is not lost or leaked. 

How does a cyberattack on a university happen? 

 Many attacks on universities are linked to phishing scams. Often with the larger goal to gain access to the larger system where they can spread ransomware and other malicious software. Hackers have been known to use phishing scams of all kinds, including getting people to click on links sent via social media or sending emails with malicious links or attachments with fake invoices.  

Phishing emails may seem too simple to take down a whole university network, but, they’re not. The techniques in which threat actors can manipulate people’s trust through social engineering has become incredibly sophisticated. And it only takes one person to click on one malicious link for cybercriminals to infiltrate the databases they need.  

How universities can protect against ransomware and other cyberthreats 

As mentioned above, weak, outdated systems combined with a general lack of knowledge to adequately prepare for a cyberattack is one of the top reasons educational institutes are targeted. Last year, the BBC reported that a test of UK university defenses demonstrated that hackers only needed two hours to obtain valuable data.    

Although many universities are buying bitcoins and cyber insurance to pay cybercriminals in case of a ransomware attack. that shouldn’t be their only line of defense. Nor should creating backups of all databases. To really defend against cyberattacks, universities need to be putting more basic measures in place. Here are some ways universities can upgrade their defenses:  

  • Update IT infrastructure   
  • Educate staff, faculty, and students about cybersecurity, particularly about how to spot phishing emails and similar scams like smishing and spear phishing.  
  • Ban the sharing of credentials and ensure that faculty are using strong passwords and two-factor authentication for more secure logins. 
Content Manager
Former journalist. Storyteller at heart.
Avira logo

Safeguard your digital life with Avira Free Security