British universities and colleges have been warned about a spike in ransomware attacks targeting the education sector by the UK’s National Cyber Security Centre (NCSC), a part of GCHQ.
Academic institutions are being urged to follow NCSC guidance following a sharp increase in attacks which have left some teachers fearing they won’t be able to accept students when term begins.
Last week staff at Newcastle University warned Sky News they had “no idea how we are going to welcome students in three weeks’ time” following one such ransomware attack, which has impacted IT services across the whole university.
Similar attacks in which criminal hackers infiltrated computer networks and stole data before encrypting the machines and demanding a ransom payment to unlock them again, have hit Northumbria University, Bolton Sixth Form College, Leeds City College and others in August alone.
NCSC’s director of operations Paul Chichester said the agency had seen an increase in the “utterly reprehensible” attacks over the past 18 months and was concerned they would disrupt young people’s education.
There are more than a dozen criminal groups which are currently earning millions by encrypting their victim’s computer networks and then leaking stolen documents online to pressure the victims into paying up.
Brett Callow, a senior researcher at cybersecurity company Emsisoft which specialises in these incidents, told Sky News “the fact that many ransomware groups now routinely steal data, using the threat of releasing or auctioning it as additional leverage to extort payment compounds the problem”.
He added: “This means that ransomware incidents are no longer simply costly and disruptive inconveniences.
“They’re now data breaches and expose organisations to multiple potential problems from the loss of intellectual property to regulatory penalties.”
He warned that the demands being made by the criminals are steadily increasing as well, encouraged by the high rewards available for successful attacks.
Universities and colleges warned that spike in cyber attacks could disrupt start of academic year for …: The National Cyber Security Centre (NCSC), part of the GCHQ intelligence agency, issued the warning as the academic year gets underway… https://t.co/pXuPJdUgLX EXETLOS— exetlos_gda (@Exetlos_GDA) September 17, 2020
“The average demand is currently somewhere between $150k and $250k, with the highest demand to date being a staggering $42 million,” Mr Callow said.
“Our advice is always not to pay the ransom,” said the NCSC’s Paul Chichester. “We don’t believe that ultimately helps.”
Instead he encouraged any victims to reach out to the NCSC, or the National Crime Agency, or to regional organised crime units, all of whom have expertise is dealing with cyber attacks.
“Help is there. It can feel really isolating as a victim when you receive these extortion messages – but I would really strong advise organisations when they are hit by a ransomware attack to please report it.
“We are there to help, advise and guide you on the way to respond to these things.”