Over half of the UK’s universities have been hit by a ransomware infection in the past year, with one suffering an astonishing 21 separate attacks, according to new Freedom of Information-based research from SentinelOne.
The endpoint security firm fired FoI requests to 71 unis, 13 of which refused to answer because they said it would affect them commercially – highlighting the problem the authorities have in estimating the scale of the problem.
It’s also notable that only one of those contacted (Brunel University) got in touch with the police following an incident.
If this pattern is repeated across the country in other sectors than the real level of ransomware in the UK might currently be hugely underestimated.
The majority of those affected claimed to have suffered at the hands of ransomware despite having AV or endpoint security in place on networked devices.
Remarkably, SentinelOne claimed two universities had no AV in place at all.
Ransom demands ranged from a lowly £77 all the way up to £2299 (5 Bitcoins), highlighting that the black hats are increasingly willing to raise their prices if they think the victim organization will be desperate enough to pay.
In the US, for example, the Hollywood Presbyterian Medical Center famously coughed up $17,000 to get its data back after being hit.
“Email addresses for staff are often in the public domain which means that potentially the entire staff could be targeted at once, increasing the chance for successful infections. It could also be that they’re motivated by instances of other Institutions reportedly paying out the ransom demands,” explained Gianluca Stringhini, assistant professor in the Department of Computer Science at UCL.
“All these factors combined underline the need for vigilance in the face of this increasing threat, from opening email attachments, to updating systems and back-ups for data.”
Almost two-thirds of targets were hit multiple times, with Bournemouth University the worst affected, being targeted an astonishing 21 times in just a year.
“A further motivation that could push criminals into successfully extorting a high-profile victim such as a university might be the potential publicity that can come from that," Stringhini told Infosecurity.
"News that a particular cybercrime crew is able to cause a lot of damage with their infections, and that they keep their word and actually restore the files after the ransom is paid, could increase their success rate in the future.”
On a more positive note, none of the respondents to the research said they paid the ransom, with all choosing to restore their lost data from back-up.