Ransomware Attack On Birmingham College And Increased Risk To Educational Institutions

<p>South and City College in Birmingham has not confirmed the specifics of the attack yet but yesterday, the FBI issued <a href=\"https://www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/\" target=\"_blank\" rel=\"noopener\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.bleepingcomputer.com/news/security/fbi-warns-of-escalating-pysa-ransomware-attacks-on-education-orgs/&source=gmail&ust=1616154328156000&usg=AFQjCNHelxlWqhXIQJyK4LP6Q9pWdw-cAQ\">guidance</a> on an “Increase in PYSA Ransomware Targeting Education Institutions”. The FBI is reporting an increase in PYSA ransomware targeting education institutions in 12 US states and the United Kingdom.</p> <p> </p> <p>This is a double extortion attack both encrypting and exfiltrating data to extort the victims – threatening to release data on the dark web if ransoms are not met. Attackers are gaining access through phishing emails or compromising Remote Desktop Protocol (RDP) credentials.</p> <p> </p> <p>It hasn’t been disclosed if it was PYSA ransomware that hit South and City College in Birmingham but educational institutions should take note. Education is already shouldering enormous demands during the pandemic. Ransomware attacks like this cause significant disruption of days or even weeks and months.  </p> <p> </p> <p>Key actions should be to review RDP and warn users about the heightened threat of phishing. Ideally, anti-spam tools will prevent phishing emails but they will not prevent every targeted email getting through, vigilant users are vital too. They should also review incident response plans and backup and recovery plans.</p> <p> </p>