Study: Higher Education is the Top Target for Ransomware Attacks


Higher education is being hit hard by ransomware. Although the retail and healthcare sectors are thought to be the main targets due to the valuable data housed in their organizations, education is targeted more frequently. A BitSight Insights report found that 13 percent of all higher education institutions were attacked with ransomware in 2016, compared to 5.9 percent for government, 3.5 percent for healthcare, 3.2 percent for retail, and 1.5 percent for financial organizations.

The number of attacks has doubled or tripled in the past year, depending on the industry, according to BitSight’s data. A recent survey from Osterman Research found that the number of attacks has been doubling or tripling each quarter. The sharp spike in attacks has led many security experts to dub 2016 the year of ransomware, pushing ransomware to the top of many lists of the biggest security concerns. 2017 is expected to be even worse.

In a ransomware attack, a hacker uses malware, typically delivered in phishing emails, to encrypt or block access to information systems and data. The victim is informed that the only way to have access restored is to pay a certain amount of money, or a ransom.

The FBI recommends against paying the ransom because there is no guarantee that a hacker will live up to their end of the deal, and it could embolden the hacker to carry out more attacks and demand higher ransoms. However, many organizations can’t function without access to their systems and data, and they don’t want to damage their reputation, so they quietly pay the ransom. This is the main reason why ransomware is so prevalent and incidents are expected to continue to increase.

Malware, and the tactics used to get people to download it, are becoming more sophisticated. Advanced encryption algorithms and standards are now being used to control data access. Instead of immediately demanding a ransom, some hackers are gaining access to a network and searching for the most valuable data without being detected. This could lead to more targeted attacks and higher ransom demands. More ransomware attacks are now targeting backup systems, which would prevent the victim from simply shifting to backups if primary systems become unavailable.

Some ransomware attackers boast less about their technical skills than about their ability to earn the victim’s trust and get them to open attachments and click links. Once ransomware has been downloaded, some attackers pose as IT specialists who are there to help the victim. Some use incentives, such as offering a discount on a payment, or promising to restore access for free if the victim forwards malicious links to other people. Others use threats and countdown clocks to intimidate victims.

Awareness and training are key to prevention. Most ransomware is delivered via phishing email and requires the recipient to do something, so educate faculty, staff and students about how to recognize dangerous emails, links and attachments. Implement formal procedures for reporting and investigating attacks. Identify the process to follow if ransomware is downloaded, such as disconnecting the device from the network and following breach notification laws. This should be part of your incident response plan. Conduct a risk assessment to understand how vulnerable your systems are to attack, and deploy the necessary tools and strategies to prevent or minimize the impact. Finally, back up data regularly and keep your backups disconnected from the network.

Ransomware isn’t going away, and higher education continues to be the prime target. In the time it took you to read this article, thousands of attacks could have been attempted on your network. Take steps now to increase awareness, improve your defenses, and implement processes that make your institution more resilient to ransomware attacks.