US University Hit by Ransomware Attack

The BBC have published a fascinating bird's-eye view of a ransomware attack at the University of California San Francisco this week. Acting on a tip-off, the BBC were able to follow the on-line ransom negotiations as they happened, culminating in the payment of $1.14m. We can only speculate, but the willingness of the university to deal with criminals suggests that the data that was being ransomed:

  • Had not been properly backed up; and/or
  • Had not been anonymised/encrypted.

Of course, followers of our blog will not be surprised to hear of another organisation paying a ransom: we blogged about this trend back in June. The Hiscox Cyber Readiness Report last year found that one in six firms that were targeted paid a ransom of some sort, and this could very well be an underestimate: another survey by Malwarebytes put the figure at nearly 40%. It has been widely reported that Travelex ended up paying a ransom of $2.3m following the high-profile attack on their systems at the start of the year. Whilst, on the practical side, a survey by Coveware found that 96% of ransom payments were rewarded with a successful decryption tool, there are still profound ethical and reputational issues around paying out to criminals in this way.

Rather than have to make the invidious choice about whether or not to pay a ransom, surely it is better to invest ahead of time in your information security.  Follow the link to find out how we can help you to put a robust information security management system in place for your organisation.
