Ransomware is a growing concern. This article will describe the history of ransomware and what you can do to protect both you and your institution.
Imagine logging into work one day to find you’re locked out of your computer. Suddenly a message pops up demanding you pay and an exuberant amount of money for your records. You have just been the victim of a ransomware attack.
Ransomeware attacks have been around for a long time. “In the late 1980s, criminals were already holding encrypted files hostage in exchange for cash sent via postal service.” [i] While these sorts of attacks have been around for 30 years, they became widespread with the emergence of cryptocurrencies. The number of ransomware attacks more than doubled as cybercrime operations increased throughout the pandemic[ii]. In 2021, there have been successful ransomware attacks including Colonial Pipeline who paid $4.4 million USD, and meat producer JBS who paid $11 million.[iii] In 2018, the average ransom demanded from a victim was $8,000. In 2020, the average demand great to $170,000.[iv] As access to cryptocurrencies becomes more user-friendly, the risk of ransomware attacks will grow.
Ransomeware attacks are something we all need to be aware of in education. Higher education institutions have access to invaluable research. If you’re in k-12, your school has records containing all sorts of personal information. Educational intuitions are a likely target. In a meeting at the University of Toronto, the Chief Information Security Officer suggested it wasn’t a matter of “if” an attack will happen, rather “when” an attack will occur. So what can you do to prevent a ransom wear attack at your institution?
1. Backup your data. if you have a copy stored somewhere else, you may not have to pay to have your records released
2. Update your device. don’t wait when that annoying pop-up appears. Updated devices are less vulnerable
3. Enable MFA. Multifactor authentication requires a user presents two or more pieces of evidence to an authentication mechanism [v]
4. Have a plan. if your data is compromised, have a plan. Will you recover a backup? How will you operate without access to your data?
About the Author
Alison Pattern worked in educational technology at the University of Manitoba, University of Toronto and Queen's University for the last 13 years. She is currently the Associate Director of the Elentra Consortium at Queen's University.
references
[i] A brief history of ransomware: CrowdStrike. crowdstrike.com. (2021, September 7). Retrieved October 6, 2021, from https://www.crowdstrike.com/cybersecurity-101/ransomware/history-of-ransomware/.
[ii] The increasing threat of ransomware in Higher Education. EDUCAUSE Review. (n.d.). Retrieved October 6, 2021, from https://er.educause.edu/articles/2021/6/the-increasing-threat-of-ransomware-in-higher-education.
[iii] Wells, K. (2021, July 9). The risk is real: Expect Ransomware. Security Matters. Retrieved October 6, 2021, from https://securitymatters.utoronto.ca/the-risk-is-real-expect-ransomware/.
[iv] The increasing threat of ransomware in Higher Education. EDUCAUSE Review. (n.d.). Retrieved October 6, 2021, from https://er.educause.edu/articles/2021/6/the-increasing-threat-of-ransomware-in-higher-education.
[v] Wikimedia Foundation. (2021, September 5). Multi-factor authentication. Wikipedia. Retrieved October 6, 2021, from https://en.wikipedia.org/wiki/Multi-factor_authentication.