Following the report about Freedom of Information, Bournemouth University, which boasts a cybersecurity centre, has been hit by ransomware 21 times in the last 12 months.
Cybersecurity firm SentinelOne contacted 71 UK universities. Of the 58 which replied, 23 said they had been attacked in the last year. Twenty-eight NHS Trusts said they had also been affected. IT security experts from AlienVault, Lieberman Software and ESET commented below what law enforcement can do to help against ransomware and how organisations can protect themselves.
Javvad Malik, Security Advocate at AlienVault:
“Being hit by ransomware, or any other form of malware is not uncommon in universities. In the case of Bournemouth university, it seems like none of the critical systems were impacted and they were able to relatively easily recover.
Whilst security purists may say that being hit 21 times in a year by ransomware indicates poor security – it more likely looks like good business acumen.
Rather than invest in preventative measures like antivirus which may or may not prevent ransomware from getting in, and to avoid the cost of paying ransomware, the university appears to have segregated its systems and put in place backup and restore processes that wipe and restore systems when they’re hit by ransomware.”
Jonathan Sander, VP of Product Strategy at Lieberman Software:
Why is it that only one university out of the 23 attacked contacted the police?
“It’s hard to say why folks are clearly victims of a crime don’t notify law enforcement, but there are a couple common reasons. People just don’t imagine that law enforcement can help. They think, often correctly, that the criminals are in another country. So they conclude, often incorrectly, law enforcement will either be powerless or be forced to bring in higher level authorities that may actually cause more disturbance than good. Another issue is that they fail to see what’s happening as a crime. Like with many other problems, if it happens in the computer it’s seen as a tech issue. Even when it’s certainly a crime, people can’t get past the attitude that anything attached to a keyboard is up to IT to sort out.”
Does reporting ransomware to the police actually help? (if so, how)
“How helpful law enforcement can be in any ransomware or other technology powered crime will vary greatly depending on the state of police departments in your area. Some law enforcement agencies have very advanced cyber capabilities, and staff with lots of experience dealing with many forms of attacks and issues. Others do not. However, in any case, simply having a public record of the incident is often helpful in the long run so that we all have a better picture of the overall state of cybersecurity.”
Mark James, Security Specialist at ESET:
Why is it that only one university out of the 23 attacked contacted the police? Does reporting ransomware to the police actually help? (if so, how)
“I think some companies still see it as a waste of time however, it is a criminal activity and should be reported to the police like any other crime. I appreciate with so many attacks it may seem worthless but it’s important the authorities have all the facts for budget and resource purposes and if they don’t know or don’t realise how big a problem it actually is they cannot forecast resources accordingly.”
While it is great that none of the universities paid the ransom, is it a concern that two of them did not have anti-virus protection?
“This shocks me beyond belief, whilst it’s not a 100% barrier it’s the first line of defence, it reduces the IT technicians’ time and resources dealing with malware attacks and takes some of the pressure away from the users. Of course there’s no substitute for common sense and being careful but it’s like not wearing a seatbelt because you’re only going to be driving at 20mph, it’s not YOU that’s the problem!
You have to layer your protection, AV is a very important part of protecting your users and their data, it’s a small outlay compared to the devastation that can be caused when malware gets hold, the mounting costs of downtime, PR and potential loss of data could be massive.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.