As ransomware attacks spread, the education sector must turn to sharing

If the ransomware criminal’s favorite day of the week is Friday, it’s best to be before the holiday or day off. This pattern emerged from the accounts of many victims-they happened on Friday when we let down our vigilance.

In fact, the ransomware attacker’s obsession with Friday has nothing to do with the belief that the defense was weak that day. This is about the psychology of the work week. People want to go home and rest, which means that defenders are more likely to succumb to their extortion demands effortlessly.

On April 9 this year, the University of Portsmouth joined the Friday Ransomware Club one week before the start of the summer semester. This is another model: choose a time of the year when the IT department is already under pressure or understaffed. "Due to the ransomware attack, the university’s IT services were interrupted," wrote in an internal email, after which it became clear that employees could not log on to the network. The university network failed for 12 consecutive days, and some systems were still interrupted for up to a month.

The most disturbing thing about this statement is that last year, similar incidents repeated many times in the entire education field, not only in elite universities, but also in small schools and colleges that would not normally be news.

In the same month, similar ransomware attacks hit the University of Hertfordshire, followed by the University of Central Lancashire, University of Northampton, Highland and Islands University, and Queen's University Belfast. In September last year, a particularly serious attack occurred at Newcastle University, which took several weeks to resolve.

At the same time, ransomware is attacking schools, including several schools in Nottinghamshire, an Education Trust in Leicester, and the Harris Union, which operates 50 primary and secondary schools in the southeast. It would be shocking if universities might want to be the target of small independent schools with few IT resources — people have been trying to steal intellectual property from them for years.

It's not that the industry has no other problems, including the pandemic, the impact of Brexit, tight budgets, and uninformed voices outside the industry questioning whether university education is worth the beginning.

Why is education?

To some extent, the surge in ransomware attacks targeting education reflects the situation in almost other sectors of the economy. Nevertheless, in the wave of attacks against the U.S. education sector in 2019 and 2020, ransomware attackers seem to have noticed something that drew them to try their luck with the same sector in other countries: education is no longer just a public Service, but become a business.

It is true that universities are full of intellectual property rights, but they also have increasingly demanding clients who pay thousands of pounds for one place every year. Even a slight interruption to the services that these people rely on will damage the reputation of the university and its close business model.

Data vulnerabilities

Universities and schools are targets because they are often filled with legacy systems. This is a euphemism for old equipment that has exceeded its safe life and cannot make budgets work. In many cases, the network security investment relationship is poor. In addition, there is a trend of ransomware attacks to steal data and ransom money. This is often seen as minor, but can be a huge hidden cost. Once personal data disappears, it is gone forever and cannot be stolen. For young people, this may have an impact in a few decades.

Conclusion: Talk to your peers

Obviously, education needs to invest more in cybersecurity than ever, and sometimes even more. The same defenses that any organization can use — authentication, structured backups, patching, network segmentation, tested incident response plans — can also be used for education, because it will be much less than weeks of downtime , The hiring of external forensics personnel team and the general loss of education income.

But a bigger lesson can be learned from it-peer communication. Currently, most victims are isolated from others under the same circumstances and learn from the attack. There is not enough sharing, and there are not enough institutions to communicate with each other. When the defender is fragmented, the attacker likes it, like an army is fighting many small battles instead of a war.

There are notable exceptions to this in higher education, and the government’s Joint Information Systems Committee (Jisc) is not for profit. It provides technical support to the education sector but does not have the budget and staffing to deal with the scale of the problem. There is also the National Cyber Security Center (NCSC), which coincidentally issued a warning about ransomware attacks on the industry in September last year.

Far more than journalists who write about the importance of backups, closing Remote Desktop Protocol (RDP) ports, anti-phishing strategies, or incident handling, they can come out from the other side of the attack and one by one. This is not easy to access unless you know someone well and can call them. However, when Friday arrives, getting this pool experience now may be different, because there will surely be that day.

Back to all articles