Ransomware still proving disruptive

Just over 1 month on from the WannaCry attack, there have been reports about a significant ransomware attack on University College London.  The attacks impacted shared drives, with detailed instructions given out on the university website.  By 2.30pm on 16th June, users were told that the ‘first phase of share folders will come back online this afternoon at 2.30pm and the remainder will be restored on Monday morning once full recovery of the corrupted files in these shares has been completed.’  Interestingly, UCL is now updating a security certificate for Eduroam despite earlier stating that ‘Our antivirus software is up to date and we are working with anti-virus suppliers to pass on details of the infection so that they are aware of the incident. We cannot currently confirm the ransomware that was deployed.’; it is not known whether the two issues are linked.

As ever, this example serves to highlight the need for education to ensure that staff and other users are not clicking on dangerous links in emails or an websites, as well as the need for swift communications to ensure that further damage to systems is not caused by continued access.  It equally highlights the importance of integration between business continuity and information security, showing how effective back-up practices are vital for the recovery of data.  Indeed, it would be interesting to know if the recovery from this incident is within the paramenters that have been identified in any Business Impact Analysis that may have been completed by the University.

Contact Cambridge Risk Solutions to find how we can help you with information security and incident management planning,  Call us on 0800 035 1231.