15 June 2017
Ransomware is becoming an increasingly popular way for malware authors to extort money from organisations. This was highlighted again yesterday when one of the most prestigious universities in the UK was struck by a major ransomware attack, which bypassed their antivirus software.
University College London (UCL) has been under a ransomware attack since 14th June, according to its information security team.
It appears that the malware made its way onto the university’s network on 14 June through users visiting an infected website. It then started to spread across the university, infecting user accounts and shared drives. Although the university’s antivirus systems were fully up to date, there were no alerts about any viruses or suspicious activity, suggesting that this could be a zero-day attack.
To try to contain the spread of the infection, the information security team have disabled a number of shared drives as they continue to work with the affected users to identify the source of the infection.
University College London Hospitals have also closed their email servers in a bid to protect themselves from a ransomware infection. So have Barts Health NHS Trust and East and North Herts NHS Trust. A large ransomware campaign last month infected dozens of NHS trusts and paralysed services.
Unfortunately, this is just another example of why you shouldn’t rely on basic antivirus to protect yourself from the wide range of malware attacks out there today. The only way to stand any chance of defending against these types of attacks is to have a defence-in-depth security strategy that includes:
• Keeping your software up to date with the latest security patches
• Not clicking on links within emails
• Using an Endpoint Detection and Response (EDR) system
• Backing up your computers at least daily
• Using a strong password for any services
• Always using a firewall on both the network and workstations
• Using a pop-up blocker on all desktops
An FOI-based study from SentinelOne last year revealed that over half of universities in the UK had suffered a ransomware attack in the previous 12 months.
Ultimately, there are two types of organisation: those that have been attacked and those that will be. This is as true for education as it is for every other sector.