Ransomware Assaults Targeting Institutions

Universities are being targeted by cyber thieves with ransomware assaults that cost millions of pounds, while IT departments are overburdened.
SIA Team
April 22, 2022

As incidents continue to wreak havoc on the education sector, schools and colleges are witnessing an unprecedented volume of ransomware attacks.

According to the report, dozens of UK universities, colleges, and schools have been targeted by ransomware assaults since 2020, causing significant inconvenience to staff and students as well as significant financial loss to the institutions. Jisc claims that impact costs have topped £2 million in several cases.

In March 2022, two universities and a further education and skills (FES) provider were struck by separate ransomware assaults, according to the report.

Although the institutions aren’t named, the study claims that each incident had a major impact since systems had to be shut down to prevent future virus propagation and to safely retrieve and restore data. A third party was brought in in one example to assist the organization in fully recovering from the disaster.

Ransomware and malware are the top cybersecurity threats in higher education, according to Jisc, followed by phishing and social engineering.

One of the reasons colleges have become such a common target for ransomware attacks, according to the paper, is because of the pandemic-induced abrupt shift to remote working for staff and students, which inadvertently exposed institutions to assault.

The shift to online schooling has resulted in a considerable increase in the use of remote desktop protocol, which can provide ransomware attackers with an entry point into networks.

Cyber thieves can get usernames and passwords using phishing emails, which they can subsequently exploit to gain access to networks through legitimate user accounts. Cyber thieves can also use brute-force attempts to break into accounts that use common or previously compromised passwords.

“This emphasizes the significance of putting in place fundamental security controls, such as defenses against brute-force assaults,” the paper states.