Ransomware has continued to grow into one of the most heavily employed types of cyber attacks. It is targeted toward all types of organizations, both big and small, and can result in great losses. One of the worst attacks we have seen was the recent widespread WannaCry campaign, in which organizations all around the world were infected. When organizations do not have proper defenses or preparations in place, a ransomware attack can be a disaster for them and their data. In a recent incident, University College London has now been hit by a ransomware campaign.
Method of Attack
Ironically, University College London has been recognized for their cyber-security research excellence by the GCHQ. But, any organization that happens to have a small vulnerability can be infected by even simple campaigns. This attack had initially begun on Wednesday and continued into Thursday when access to online networks became restricted. The infection was first thought to have resulted from phishing emails, but it is now suggested that it was probably from a compromised website containing a malicious pop-up. The university had notified students and staff of the potential data loss and disruption, but they also believe the infection is now contained. Graham Rymer, a research associate at the University of Cambridge and ethical hacker, says that the timing of the attack is interesting. He mentions the fact that there are currently students nearing completion of their dissertations, so these may have been the target. Rymer said that the university seemed to handle the incident quite well, specifically pointing out that they had switched all of their drives to read-only, which heavily mitigated the damage of the attack. It does not appear that the university was the only target, as Rymer said that he had seen other organizations being hit by the same ransomware.
University College London now joins the ranks of the multitude of educational institutions that have been hit by cyber attacks. In fact, these types of organizations can be treasure troves for cyber attacks. They hold a wide array of valuable and sensitive data, like the personal information of students and staff, research data, and financial information. This can all be extremely valuable for attackers, whether employing it for their own malicious purposes or purloining it to sell on the black market. The fact that University College London was renowned for its cyber security research and still got infected just goes to show that anyone can be hit if they overlook any point of security. Being that this attack was the result of someone visiting a compromised website, this is likely a situation of an employee or student lacking proper cyber security education. Of course, it can be difficult to educate all of the students in attendance upon elaborate cyber security practices, but students and staff should be educated on the basics. Especially staff, since they have access to more critical system components.
Handling a Breach or Cyber Attack with Cyber Investigation Services
When an attack like the above happens, there comes the matter of needing to thoroughly investigate it. There is a multitude of factors that need to addressed in the event of a cyber attack, such as the extent, damage, and tracing of the perpetrator. This is where cyber investigation services can be of great value, as many organizations do not necessarily have adequate resources to perform this type of evaluation. Tracing the source of an attack is commonly neglected, yet it is quite necessary, as it allows the organization to pursue further action against the attacker, such as legal measures. Massive Alliance’s cyber investigation services can help an organization to better assess and remediate a breach.