Expert Comments

Expert Reacted to University of Utah Paid a Ransomware

Expert(s): Security Experts
Expert(s): Security Experts

The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder.

https://twitter.com/lordboots/status/1297363684809990145

Experts Comments

August 24, 2020
Jonathan Reiber
Senior Director of Cybersecurity Strategy and Policy
AttackIQ
Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow. So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and.....Read More
Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow. So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework. With ATT&CK as a foundation, organizations can then use automated adversary emulations to verify their defense effectiveness. Emulations provide insights about security team performance, enable better security decision-making, and lead to an overall improvement in security outcomes.  Read Less
August 24, 2020
Ilia Kolochenko
Founder and CEO
ImmuniWeb
The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business. Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the.....Read More
The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business. Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the data even after being fully paid. Worse, given the division of labor and collaboration between different gangs on the global cybercrime market, the gang behind the ransomware attack is usually not the only one with access to the stolen data. Thus, by accepting a payment from the victim, they have no factual means to guarantee that their accomplices won’t suddenly leak the data for fun or for profit. The use of cyber insurance to pay the ransom is rather bad than good. It will likely encourage other would-be victims to regard insurance as a panacea, disregarding their cybersecurity and data protection. Moreover, in light of such an alarming trend, cyber insurance companies will inevitably raise their premiums thereby hurting innocent companies and making insurance far too expensive for others.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Panasonic Becomes Latest Victim Of Data Breach – Security Expert...

Clearview’s £17 Million Fine For Processing 10+ Billion Images Is...

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts