Ransomware in Higher Education

In Brief:

  • CampusGuard, a partner of Nelnet Campus Commerce, focuses on the cybersecurity and compliance needs of campus-based organizations in higher education.

  • Ransomware accounted for approximately 80% of incidents reported in the educational sector in 2019.

  • Data, including student and health information, make higher education systems a prime target for ransomware attacks.

Blog Post

CampusGuard, a partner of Nelnet Campus Commerce, focuses on the cybersecurity and compliance needs of campus-based organizations in higher education. Having offered a broad array of offensive security services throughout their 12 years in business, they understand what it takes to keep higher education information secure. This article was originally published on CampusGuard’s website and is shared with permission for the benefit of our clients and industry knowledge.

Did you know that every 10 seconds in 2020 a new organization became a victim of ransomware?

According to Verizon’s 2020 Data Breach Investigations Report, ransomware accounted for approximately 80% of incidents reported in the educational services sector in 2019. This was a 48% increase from the previous year. Unfortunately, due to the COVID-19 pandemic and the shift to remote environments, cybercrime has increased even more, with recent reports showing that successful ransomware attacks on the education sector increased by a shocking 388% in the third quarter of 2020.

Colleges and universities host a significant amount of sensitive data, including student information, protected health information, financial information, and research data. This data, as well as the need to support such a diverse group of users (students, faculty, and staff) and systems, makes higher education a prime target for ransomware attacks.

In June 2020, the University of California San Francisco (UCSF) paid $1.14 million to recover School of Medicine data from attackers. Another attack demanding $4 million shut down many of Monroe College’s systems, leaving students, staff, and faculty unable to access the college’s learning management system, email, and website. In August 2020, the University of Utah paid almost half a million dollars to recover data following a ransomware attack. And just recently, in February 2021, Central Piedmont Community College was compromised by a ransomware attack that disabled systems including the phones, email, productivity software, and learning management platforms. The college was forced to cancel classes and all scheduled events.

During ransomware attacks, hackers are not only encrypting organizational data and holding networks hostage; in 50% of ransomware cases they are now also exfiltrating the data and threatening to publish the information on the dark web if organizations don’t pay the requested ransom. While a company could have previously rested more easily knowing their data was backed up, with data exfiltration growing at such an alarming pace, and the significant damage that can occur if stolen data is released publicly, it is no longer an easy decision. Cybercriminals are raising the stakes and requesting two separate ransoms: one for the decryption key, and one for not publishing the sensitive data online. Current ransom demands average around five million dollars but have been reported at over $40 million.

Cybercriminals know that colleges and universities value their student information, which unfortunately means the ransoms may continue to rise. Many organizations have bargained with hackers to protect their information, but recently there have been more examples of cybercriminals who aren’t holding up their end of the deal and are posting data even after receiving the requested ransom payments. Because there is no guarantee the data will be returned or kept private, organizations may not want to pay for exfiltrated data. The FBI also strongly recommends against paying ransoms because it encourages criminals to target more victims and offers an incentive for others to formulate similar attacks.

Attackers are also becoming more strategic. Whereas previously they may have launched the ransomware as soon as they were able to gain entry into an organization through phishing or other means, they are now taking their time and using that initial access to move laterally throughout the network, gain access to escalated privileges, locate sensitive or critical data, and then deploy ransomware to a larger segment of the network.

To review the steps your organization can take to protect your systems and information from a ransomware attack, check out our recent blog post, Prepare to be Ransomed.

Author: CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government. Our success in serving our customers is a direct correlation to the experience, education, and commitment of our certified professionals. We understand what it takes to provide outstanding customer care, and we continually exceed our customers' expectations with a team of responsive professionals that understand the requirements for protecting confidential and sensitive information at fair and reasonable prices. Our extensive reference list is a testament to our significant capabilities and outstanding customer service.
