Expert Comment: Howard University Cancels Classes After The Ransomware Attack

BACKGROUND:

In response to reports that Washington D.C’s Howard University has canceled classes on Tuesday after being hit by a ransomware attack, cybersecurity experts offer their following comments.

Subscribe
Notify of
guest
3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Chris Clements
Chris Clements , VP
InfoSec Expert
September 8, 2021 10:22 am

<p>Educational institutions and especially universities are popular targets for ransomware gangs for several reasons. First, they are typically soft targets for cybercriminals to penetrate. Often university departments enjoy independence from each other that can lead to sprawling disparate technology project that can remain unpatched or orphaned with no centralized oversight by IT. Overly permissive access and permissions is another common issue in high education organizations that can easily be exploited by attackers if they gain access to a single user account. Secondly, ransomware gangs know that universities despite being famous for budget issues can produce huge amounts of money to pay ransoms when forced to. This combination of relative ease of compromise and high ability to pay out extortion demands make universities incredibly lucrative targets for cybercriminals.</p>
<p>To protect themselves, educational institutions must adopt a culture of security that understands that risk from cyberattack can cause significant monetary and privacy damages that can have lasting impacts on the organizations ability to deliver education and student’s privacy.</p>

Last edited 9 months ago by Chris Clements
Tim Erlin
Tim Erlin , VP of Product Management and Strategy
InfoSec Expert
September 8, 2021 10:27 am

<p>Taking systems offline doesn’t always mean that those specific systems have been affected by ransomware. It may be a bit of a blunt instrument, but turning systems off can prevent ransomware from spreading further.</p>
<p>It’s easy to view the increase in ransomware headlines as a material change in the cybersecurity landscape, but it’s important to remember that ransomware has to announce itself to be successful. Other types of attacks that may use the same methods to infiltrate an organisation don’t ask for a ransom, and can stay hidden while they accomplish their objectives. </p>
<p>Universities are tough environments to secure. Their populations vary greatly over the course of a year. They accepts all kinds of devices into their networks, both from staff and students. And they change out their users at a high rate as students graduate and matriculate. Not many other IT organisations have to deal with all of these factors.</p>

Last edited 9 months ago by Tim Erlin
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
September 8, 2021 10:30 am

<p>The recent ransomware attack against Howard University is yet another reminder that no one is immune to being victimized and it isn’t surprising that higher education institutions are targets because they have wide attacks surfaces that are oftentimes poorly secured. With the start of a new school year and millions of students returning to campuses around the world in earnest since the COVID-19 outbreak in 2020, the mindset of the threat actors is likely that colleges will quickly pay the ransom because they want to minimise damages caused by a prolonged lockdown. However, paying a ransom doesn’t guarantee a fast return to normalcy.</p>
<p>In fact, a recent Cybereason <a href=\"https://u7061146.ct.sendgrid.net/ls/click?upn=4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiGq7-2Frc4GfaP4q1qvAriLMGHM4fG-2FmrUtIqwCasTQzM0duITRNIRRrkwQUK142foPgA6foKoIR-2Fdp7ebt2hFdYz4nIpAXZi7bGuTAVe0THb-2FA-3D-3DCToN_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQke8n6Vz6-2B8-2B-2BidxHBEe7oIt5MSmK1ZocbmOm-2B0E2W3-2Bl1nEDMZHPl6UVv0SA3VSmDxXDrgmUAUaeMEftJ5Q7DIuspBKB0TDixoSqR-2Fx3rBDykr-2FbUcnQKwwdVbeLiWhiVivfs3i439lMMqyoyhseLSmaEpq4L4TySRoaiqLsGwZYRWK4UfTYSrijTiLXfCH0zXmKIz58cn0DOYmg1qO5osKTakLGFobhlZtLaRvkx6Bz\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://u7061146.ct.sendgrid.net/ls/click?upn4tNED-2FM8iDZJQyQ53jATUTb4Q8G2-2F0MYkMDaVoHyFiGq7-2Frc4GfaP4q1qvAriLMGHM4fG-2FmrUtIqwCasTQzM0duITRNIRRrkwQUK142foPgA6foKoIR-2Fdp7ebt2hFdYz4nIpAXZi7bGuTAVe0THb-2FA-3D-3DCToN_S3RA1gMvL7v1TdZrqvF2X48vY2LyH9KYdxKxBaPFp6Fl1TEEsXDQbgk-2FWPw9Ah5nwh5z3HPLIw79cePUeHvYGbACtpGEOUo9gKA7RdPV7CHYnRZ1BgjoepqPsAq5T4X7K-2Bw26wspumVv2xNKnDUQke8n6Vz6-2B8-2B-2BidxHBEe7oIt5MSmK1ZocbmOm-2B0E2W3-2Bl1nEDMZHPl6UVv0SA3VSmDxXDrgmUAUaeMEftJ5Q7DIuspBKB0TDixoSqR-2Fx3rBDykr-2FbUcnQKwwdVbeLiWhiVivfs3i439lMMqyoyhseLSmaEpq4L4TySRoaiqLsGwZYRWK4UfTYSrijTiLXfCH0zXmKIz58cn0DOYmg1qO5osKTakLGFobhlZtLaRvkx6Bz&source=gmail&ust=1631181380538000&usg=AFQjCNHtl3txzOP12Rk3j0mZxojy5D7cEg\">study</a> of more than 1,000 businesses showed that 80 percent of businesses that paid a ransom were hit by a second ransomware attack. To Howard University – if you can at all avoid it, don\’t pay. Paying doesn\’t make the problem go away, since nearly half don\’t recover their data correctly, and it will become public anyway. If we have learned anything from the deluge of ransomware attacks in 2021, the public and private sector needs to invest now to ratchet up prevention and detection and improve resilience. We can meet fire with fire. Sure, the threat actors will get in, but so what? We can make that mean nothing. We can slow them down. We can limit what they see. We can ensure fast detection and ejection. We can, in short, make material breaches a thing of the past. So, what if they get a toe hold on the ramparts. We can keep them out of the castle by planning and being smart ahead of time and setting up the right defences.</p>

Last edited 9 months ago by Sam Curry
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x