It’s happened again! In the seemingly endless litany of COVID-related cyber-crime, The University of San Francisco, the leading United States based medical research institution, has admitted to paying hackers a staggering $1.14M
(116.4 bitcoins) in ransom after a successful malware attack.
The Windows ransomware family, Netwalker,
is confirmed responsible for the attack. Netwalker (AKA: Mailto) is a Windows ransomware family traditionally and successfully targeting corporate computer networks globally, with the added bonus of aggressively threatening victims with the publication of stolen information if the ransom isn’t paid in full.
UCSF told BBC News
: "The data that was encrypted is important to some of the academic work we pursue as a university serving the public good. We therefore made the difficult decision to pay some portion of the ransom, approximately $1.14 million, to the individuals behind the malware attack in exchange for a tool to unlock the encrypted data and the return of the data they obtained".
Education Under Attack!
The Education sector has experienced an increasing number of attacks in the wake of COVID-19, with researchers working hard to find a treatment or cure for the global pandemic and criminals working just as hard to steal their research. Attackers are well aware that most educational facilities don’t have the budget or staff to effectively protect their networks, which host a wealth of personal and valuable information related to research, finance, students, and thus, their parents. COVID-19 has compounded the security issue for the Education sector, pushing it into its burgeoning online space faster than expected. In 2019 malware accounted for 28 percent of cyber-security incidents in schools, tripling from 2018. Unsurprisingly, in 2020, attacks on Education ranked 6th among top targets for Q1
Paying the Price!
While many companies are now offering ransomware insurance solutions, indicating that many companies are paying ransoms, Forbes
says that you should never pay the ransom. A recent study by Cyberedge Group found that 62% of those attacked paid the ransom, while only 19% of those who paid had their files returned to them. Those just aren’t great odds.
Threat analyst for Emsisoft, Brett Callow, wittily says, "Even if they pay the demand, they'll simply receive a pinky-promise that the stolen data will be deleted. But why would a ruthless criminal enterprise delete data that it may be able to further monetise at a later date?" Cybercriminals have too many reasons not to return the data. First, their malware or ransomware could be cheap or poorly constructed, designed to scare the organization into payment but not to be decrypted. In addition, the stolen data is valuable on the dark web, meaning a double pay-day if the ransom is paid. Finally, the criminals could simply get lazy or bored with the process after receiving payment and do what criminals do – walk away and leave us to mop up their wreckage. Jan Op Gen Oorth, from Europol said, "Victims should not pay the ransom, as this finances criminals and encourages them to continue their illegal activities
What are my options?
On the other side of the coin, of those who refused to pay the ransom, 86% were able to recover their files using their own back-ups. Good back-ups are fantastic, but require prior planning and significant storage capabilities, meaning significant security for said storage – an issue the Education sector is struggling within 2020, with their meteoric leap toward fully-online operations.
For Education institutions or organizations who have yet to deploy comprehensive security protections, Incident Response services
are becoming more popular and essential. Incident Response, also known as IR services, help track ransomware through the system, back to its source, discover vulnerabilities and entry points, and mitigate the fallout by removing visible and invisible ransomware from the system. Many companies believe that they have experienced the worst as victims of a ransomware attack, but without IR services, ransomware can hide or remain dormant within a system for a long period of time, waiting for its next opportunity to deploy.
Why Sangfor Technologies?
Sangfor is offering IR services at a special discounted rate for a limited time, in an effort to help out those in the Education sector, and any other vertical, protect themselves in this unprecedented time. Click HERE
to learn more about IR services and how Sangfor can help you.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.