Ransomware attacks on Higher Education Institutions (HEIs) across the world have been increasing recently and for some colleges and universities, this has been devastating. Recently some HEAnet members were victims of such attacks.
Ransomware is malicious software that reaches victims via spear-phishing campaigns or booby-trapped adverts and scrambles the data on a victim’s PC. It prevents users from accessing their system or personal files and typically, demands a ransom payment in order to regain access.
Colleges and universities handle large amounts of data such as personal information on staff and students, including information like names, birth dates, contact details, as well as financial records. Additionally, they manage sensitive research data, patents, or other intellectual property which makes HEIs “attractive” to hackers.
Prevention of these attacks is key. HEAnet have contacted its members to urge them to follow the advice from The National Cyber Security Centre (NCSC), in particular their CSIRT-IE page, to ensure their systems are patched and up to date.
Brian Nisbet, Service Operations Manager at HEAnet said “Ransomware attacks can be devastating and cause serious disruptions. Cyber threats evolve constantly, and we urge our members to follow the advice from the NCSC and stay on top of their ICT Security.
The consequences of not doing so may be very serious, including the loss of all on-site key systems. Members that have suffered attacks have found it very difficult to function. Some have been forced to temporarily close their campuses and will be feeling the financial and logistical effects for some time to come.”
HEAnet can assist in coordinating activities with the NCSC and our agreement with Jisc makes their CSIRT services available to all HEAnet Members, click here to learn more. Depending on the nature of the potential attack the Client Netflow Portal may also be able to provide some information.
As always, HEAnet clients can reach us at noc@heanet.ie or 01 6609040.
For more security updates, please visit our Security Updates page here.
