The University of Utah revealed today that it paid a ransomware gang $457,000 in order to avoid hackers leaking student information. The university’s cyber insurance policy paid part of the ransom, and the university covered the remainder.

Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.
The decision to pay a fairly important ransom will likely bolster sophisticated attacks against US universities that are already surging. When your data is just encrypted, and there is no economically practical way to decrypt it and restore operations but to pay a ransom, yielding to the attackers may be a sound decision as a matter of business.
Numerous examples from the past, however, convincingly demonstrate that hackers will not necessarily honor their nebulous promises, and release the data even after being fully paid. Worse, given the division of labor and collaboration between different gangs on the global cybercrime market, the gang behind the ransomware attack is usually not the only one with access to the stolen data. Thus, by accepting a payment from the victim, they have no factual means to guarantee that their accomplices won’t suddenly leak the data for fun or for profit.
The use of cyber insurance to pay the ransom is more bad than good. It will likely encourage other would-be victims to regard insurance as a panacea, disregarding their cybersecurity and data protection. Moreover, in light of such an alarming trend, cyber insurance companies will inevitably raise their premiums, thereby hurting innocent companies and making insurance far too expensive for others.
Student data is an attractive target for ransomware groups, and the University of Utah is just the latest victim following attacks on Michigan State and the University of California at San Francisco. As the school year ramps up, ransomware attacks will grow.
So what to do? Universities, hospitals, and other organizations should take a threat-informed approach to their cybersecurity strategy to stop ransomware. Defenders should start by studying common adversary tactics, techniques, and procedures as outlined by the MITRE ATT&CK framework. With ATT&CK as a foundation, organizations can then use automated adversary emulations to verify their defense effectiveness. Emulations provide insights about security team performance, enable better security decision-making, and lead to an overall improvement in security outcomes.