Ransomware warning: Hackers are launching fresh attacks against universities

Cybersecurity agency warns about a spike in ransomware attacks targeting universities and colleges.

Why ransomware has become the biggest cyber threat to your network in 2020

Cyber criminals are increasingly targeting universities with ransomware attacks and academic institutions are being urged to make sure their networks are resilient enough to protect against them.

The warning from the UK's National Cyber Security Centre (NCSC) – the cyber arm of GCHQ – comes following a recent spike in hackers targeting universities with ransomware attacks during August. In some instances, hackers have not only demanded a significant bitcoin ransom from victims of attacks, but they've also threatened to leak stolen personal data of students if they're not paid.

The NCSC says it dealt with several ransomware attacks against universities that caused varying levels of destruction depending on the level of cybersecurity the institutions already had in place.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)    

And with colleges and universities gearing up to start the new academic year and welcome new students – while already facing challenges because of the ongoing coronavirus pandemic – they've been urged to make sure their cybersecurity infrastructure is ready to defend the additional challenge of a ransomware attack.

"This criminal targeting of the education sector, particularly at such a challenging time, is utterly reprehensible," said Paul Chichester, director of operations at the NCSC.

"While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted.

"We are absolutely committed to ensuring UK academia is as safe as possible from cyber threats, and will not hesitate to act when that threat evolves," he added.

The Targeted ransomware attacks on the UK education sector alert details some of the most common attack infection vectors, including Remote Desktop Protocols (RDP), phishing emails and software and hardware that's been left vulnerable due to lack of security patching.

Mitigation against ransomware attacks that universities are being urged to adopt include effective vulnerability management and patching, securing RDP services with multi-factor authentication, installing anti-virus software, and ensuring staff and students are aware of the risks posed by phishing emails.

It's also recommended that universities have up-to-date and tested offline backups, so that if systems are encrypted by a ransomware attack, they can be restored without paying a ransom to cyber criminals.

SEE: My stolen credit card details were used 4,500 miles away. I tried to find out how it happened

The NCSC also urges universities to test how they'd respond to a ransomware attack by using the NCSC's free Exercise in a Box tool, which allows organisations to see how their defences would hold up against hacking scenarios based on real events.

"As the last six months have shown us, it has never been more important for colleges to have the right digital infrastructure in order to be able to protect their systems and keep learning happening, whatever the circumstance," said David Corke, director of education and skills policy at the Association of Colleges.

"This needs a whole college approach and for a focus wider than just systems, it needs to include supporting leaders, teachers and students to recognise threats, mitigate against them, and act decisively when something goes wrong. This guidance will prove incredibly useful for colleges to ensure that they can do just that," he added.

MORE ON CYBERSECURITY