UK UNIVERSITIES are increasingly being targeted with ransomware, one having suffered 21 attacks in the past 12 months.
The information comes courtesy of Freedom of Information requests submitted by security company SentinalOne to 71 universities across the UK. The requests found that 63 per cent had been targeted by ransomware, while 56 per cent had been attacked at some point in the past year.
13 of the 71 universities contacted refused to answer because it could damage their "commercial interests", while two, Oxford and King's College London, admitted that they do not have any antivirus software designed to stop such threats, according to the FoI requests.
However, in a statement sent to the INQUIRER King's College London denied these claims. It said: "King's takes all forms of information security and compliance very seriously. In accordance with our IT Security and IT Network Policies, King’s College London use a variety of anti-virus solutions which are reviewed and changed as appropriate.
As virus attacks are so prevalent we do not advertise our specific defences. Most requests of this nature are from vendors seeking information in order to sell us their products and services."
The worst affected university is Bournemouth, which was the victim of 21 attacks in the past year.
Jeremiah Grossman, chief of security strategy at SentinelOne, described the situation as "deeply concerning".
"The fact that all but one of those suffering a ransomware attack had an anti-malware solution installed confirms the abject failure of traditional solutions to protect against the new virulent strains of ransomware," he said.
Fees demanded to decrypt data ranged from £77 to £2,299, usually in bitcoin. Only one university, Brunel, contacted the police about the attack.
However, despite the damage ransomware attacks can cause, not one of the universities questioned said they had ever paid a ransom. This is perhaps surprising as many organisations, including police forces, have paid up to minimise the impact.
Grossman was a tad sceptical of these responses, although he suggested that if ransoms were not being paid, it could be that those behind the attacks have other motives than merely making money.
"The fact that 65 per cent of those universities suffering an attack were the victim of repeated attacks, where no ransom was [allegedly] paid, may prompt us to question the motives of the adversary as more than purely financial," he said.
The scourge of ransomware is affecting all types of end user. A survey earlier this year found that the majority of UK firms have been hit at some point by ransomware and that many have paid out to regain access to files.
However, there are efforts to fight back. Intel Security, Kaspersky Lab, Europol and the Dutch National Police recently teamed up to launch the No More Ransomware portal in response to the rising threat. µ
Bad for shareholders, mildly good for the planet
YouTube on the Tube
Claims that it hasn't ever actually worked