What is ransomware and what can be done about it?
Ransomware is malware (malicious software) that individuals or criminal organizations use to encrypt files on computer networks. Most ransomware attacks extort large sums of money from victims in return for decrypting files, restoring access to those files, and promising not to publicly disclose potentially sensitive stolen data.
Higher education institutions are an enticing target because of the sensitive data they hold and because their communities include a diverse group of individuals whose online safety and security practices may differ. Using phishing emails and stolen credentials to gain access to IT networks, hackers using ransomware steal sensitive information and encrypt vital data and systems, blocking access to them.
In such an attack, individuals, companies, or institutions have few options. These include paying the criminals (which may or may not ensure restored access), attempting to decrypt the data themselves (which can be nearly impossible), or restoring the data from backups they have made. In addition, it is not always easy for institutions to pay ransom in cryptocurrency.
Colleges and universities are a target
According to EDUCAUSE, malicious hackers often target a college or university’s most valuable data in a ransomware attack. Sensitive research data or student information (Social Security numbers, addresses, and birthdates) are high-value targets. Criminals might also target system controls. For example, ransomware can be used to encrypt and lock down identity databases, resulting in a denial-of-service (DoS) attack that keeps other applications from using that database. Data and systems whose loss could impede business functions are another popular target for ransomware attacks.
Smaller universities and colleges, as well as those that do not place a strong emphasis on research, are excellent targets for cyberattacks of this nature because they may lack the resources to protect against them. Whether or not an institution thinks its data is important, criminals certainly do.
Any actions to prevent ransomware attacks should be at both the institutional and individual levels. While institutional security is a high-level approach outside the purview of individuals, everyone can practice smart ransomware threat prevention.
Preventing ransomware attacks
The FBI and US Cybersecurity and Infrastructure Security Agency recommend the following:
• Update your operating system and software.
• Implement user training and phishing exercises to raise awareness about the risks of suspicious links and attachments.
• If you use Remote Desktop Protocol (RDP), secure and monitor it.
• Make an offline backup of your data, and practice using it.
• Use multifactor authentication (MFA).
How the REN-ISAC can help
Ransomware events can be highly disruptive to college campuses. Not only can they lock IT systems and threaten sensitive data, but they can also interrupt the campus facilities systems controlling electronic locks, research storage, and residence hall and classroom climate control. In addition, threat actors can compromise IoT devices such as cameras and smart devices, which can represent a risk to privacy.
To prepare for this kind of complex threat, the REN-ISAC offered workshops featuring hands-on scenarios that enabled participants to analyze and mitigate the risks and challenges of a ransomware attack.
We have published a Final Report of the best practices, areas of improvement, and persistent challenges discussed during all seven workshops. Because of the workshops’ unique enterprise approach to risk management, this report gives you access to expert knowledge from a variety of functional offices and a broad selection of institutions in Australia, Canada, and the U.S.
If your higher education institution or research network is interested in hosting a REN-ISAC workshop on ransomware, please contact us.