6 in 10 universities hit by ransomware, 2/3 hit multiple times

Freedom of Information requests filed by security company SentinelOne have shown that ransomware attacks appear to be rife within the UK higher education sector.

Ransomware: would you pay?
Ransomware: would you pay?

Some 63 percent of UK universities who responded to Freedom of Information requests (FOIs) filed by security company SentinelOne admit to being the target of a ransomware attack.

56 percent had suffered a ransomware attack in the past year - one university admitted that it had  suffered 21 separate attacks throughout the year.   

The FOI requests were filed in July 2016 to establish if  ransomware was a significant problem in academic institutions.  

Of the 71 universities contacted by SentinelOne, thirteen refused to answer because their response could damage their commercial interests.

While only Oxford and Kings College London admitted to not having any antivirus (AV) software, the majority of ‘protected' universities suffered ransomware attacks despite investing in AV solutions.  

No universities confessed to paying a ransom. However,  the value of ransoms demanded to decrypt the data ranged between £77 and £2,299 (5 bitcoins).  

Only Brunel university had ever contacted the police in relation to a ransomware attack, most universities preferring instead to deal with the situation internally.

It is clear that public authorities are increasingly primary targets for ransomware attacks. Earlier this year another FOI request showed that 30 percent of UK councils were the victims of ransomware.   

Universities are also targeted internationally with the University of Calgary admitting to paying a US$ 16,000 (£12,000) ransom.

Another prime target for ransomware has been US hospitals ‐ the Hollywood Presbyterian Medical Center in Los Angeles was the most notorious victim, admitting to  paying a US$ 17,000 (£12,900) ransom.   

Jeremiah Grossman, chief of security strategy at SentinelOne said: “The fact that all but one of those suffering a ransomware attack had an anti‐malware solution  installed, confirms the abject failure of traditional solutions to protect against the new, virulent  strains of ransomware.  In one particular case, Bournemouth University found themselves to be the  most targeted institution, with a deeply concerning 21 attacks in the last year.”

Grossman said: “The fact that 65 percent of those universities  suffering an attack were the victim of repeated attacks, where no ransom was [allegedly] paid, may  prompt us to question the motives of the adversary as more than purely financial.”

Gianluca Stinghini, lecturer and assistant professor, Department of Computer Science, and Security  Crime Science, University College London, comments, “These findings shine a light on the growing  Ransomware threat and the fact that Universities are seen as potentially lucrative targets. The high proportion of attacks, and the fact that many have been hit multiple times, could be down to a number of factors. They hold sensitive data on staff and students which makes them attractive in the eyes of cyber-criminals.

Stinghini went to explain that: “From the evidence provided in this study, it appears that cyber-criminals ask for more money in attacks against universities than they do when they target the general public. E‐mail addresses for staff are often in the public domain which means that potentially the entire staff could be targeted at once, increasing the chance for successful infections. It could also be that they're motivated by instances of other Institutions reportedly paying out the ransom demands. All  these factors combined to underline the need for vigilance in the face of this increasing threat, from opening email attachments, to updating systems and backups for data.”

Sign up to our newsletters