The Federal Bureau Investigation (FBI) Cyber Division warns that Higher Education institutions are getting targeted more frequently by ransomware.
For more information on the increasing threat of ransomware attacks on universities see the EDUCAUSE Review article titled “The Increasing Threat of Ransomware in Higher Educations” here.
Howard University in Washington, D.C is the latest victim of ransomware.
Ransomware is a form of cybercrime where malicious actors gain unauthorized access to an organization’s cyber resources and use that access as leverage to get the organization to pay a ransom. It has become a big problem for many organizations that has a presence is cyberspace, with may organization paying from thousand to millions of dollars to get access back. In recent years ransomware has turned into an industry, with organizations offering services to help mount ransomware attacks against selected targets.
Unauthorized access is normally gained through either malware download by the staff of the organizations, or through vulnerabilities in the software and cyber services the organization uses. Once access is gained, ransomware attacks usually take one of two forms. One form is where the malicious actor locks the organization out of its own network, key cyber resources, or important data files, and asks them to pay to get access back. Another form of ransomware is one where the malicious actor exfiltrates important private data and threatens to disclose the data to the public if the ransom is not paid. For universities, this private data can be student Personally Identifiable Information (PII) protected by the Family Educational Rights and Privacy Act (FERPA), Controlled Unclassified Information (CUI) that is part of important research, or Protected Health Information (PHI) protected by the Health Insurance Portability and Accountability Act (HIPAA).
For more information on Ransomware see the Cybersecurity and Infrastructure Security Agency (CISA) Ransomware 101 page here.