Experts React to University of Utah Paying a Ransomware Gang

The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder.

https://twitter.com/lordboots/status/1297363684809990145

Ilia Kolochenko, Founder and CEO
InfoSec Expert
August 24, 2020 12:00 pm

The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business.

Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the data even after being fully paid. Worse, given the division of labor and collaboration between different gangs on the global cybercrime market, the gang behind the ransomware attack is usually not the only one with access to the stolen data. Thus, by accepting a payment from the victim, they have no factual means to guarantee that their accomplices won’t suddenly leak the data for fun or for profit.

The use of cyber insurance to pay the ransom is rather bad than good. It will likely encourage other would-be victims to regard insurance as a panacea, disregarding their cybersecurity and data protection. Moreover, in light of such an alarming trend, cyber insurance companies will inevitably raise their premiums thereby hurting innocent companies and making insurance far too expensive for others.

Jonathan Reiber, Senior Director of Cybersecurity Strategy and Policy
InfoSec Expert
August 24, 2020 11:09 am

Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow.

So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework. With ATT&CK as a foundation, organizations can then use automated adversary emulations to verify their defense effectiveness. Emulations provide insights about security team performance, enable better security decision-making, and lead to an overall improvement in security outcomes.
