Cybercriminals are continuously testing organizations and individuals to seek out vulnerabilities and gain access to data. Once they have access to your data, they may corrupt it, delete it, or sell it to others. An increasingly common attack is to hold it for ransom, charging you or your organization money to regain access to your data or, more disturbingly, to stop them from selling or publishing it. The size of these ransoms has increased significantly as the criminals have turned their attention to larger targets with deeper pockets.
What is ransomware?
Ransomware is a type of malware that encrypts all the data that an individual has access to, both files and any synced network or cloud storage drives on the infected system making them unreadable. Once encrypted, the malware demands a payment (ransom) to get the decryption key. Ransomware is commonly introduced into a network through phishing, malicious attachments, or malicious downloads.
Why is it important for the BU community to be familiar with ransomware and malware?
Since higher education institutions store vast amounts data, including personal, financial, health, and research data, and have sizeable budgets, they make ideal targets for ransomware attacks.
According to Microsoft Security Intelligence, higher education accounted for 62.8 percent of almost 9.4 million malware encounters reported during just the month of November in 2020.
In June of 2020, the University of California San Francisco (UCSF) paid $1.14 million in Bitcoin to recover School of Medicine data. In July, a ransomware attack shut down New York City-based Monroe College leaving students, staff, and faculty unable to access the college’s learning management systems, email, and website. In this attack, criminals demanded $2 million in Bitcoin to restore Monroe’s systems. And in August, the University of Utah published that it paid $457,000 to retrieve encrypted student and faculty data from a ransomware attack
What can we do to protect ourselves and our community from ransomware? There are several resources at Boston University to help reduce our risk. The first is you. Understanding what ransomware and malware is to the first step toward protecting our data. Since we know that ransomware attacks can begin with phishing, visit the BU Phishing Guide for a quick tutorial on how to spot a scam:
Visit the BU Phish Bowl to see some of the most reported phish circulating on our network and compare a phishy email you may have received
Lastly, download BU’s latest endpoint protection solution, Crowdstrike (replacing McAfee), to get protection on your personal device (No charge to you or your department!)
Thank you for doing your part to keep Boston University protected!