Expert Reacted to University of Utah Paid a Ransomware

The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder.

https://twitter.com/lordboots/status/1297363684809990145

Experts Comments

August 24, 2020
Jonathan Reiber
Senior Director of Cybersecurity Strategy and Policy
AttackIQ
Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow. So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and.....Read More
Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow. So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework. With ATT&CK as a foundation, organizations can then use automated adversary emulations to verify their defense effectiveness. Emulations provide insights about security team performance, enable better security decision-making, and lead to an overall improvement in security outcomes.  Read Less
August 24, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business. Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the.....Read More
The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business. Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the data even after being fully paid. Worse, given the division of labor and collaboration between different gangs on the global cybercrime market, the gang behind the ransomware attack is usually not the only one with access to the stolen data. Thus, by accepting a payment from the victim, they have no factual means to guarantee that their accomplices won’t suddenly leak the data for fun or for profit. The use of cyber insurance to pay the ransom is rather bad than good. It will likely encourage other would-be victims to regard insurance as a panacea, disregarding their cybersecurity and data protection. Moreover, in light of such an alarming trend, cyber insurance companies will inevitably raise their premiums thereby hurting innocent companies and making insurance far too expensive for others.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.