With an increasing number of universities around the world reporting ransomware attacks and the threat showing no signs of going away, clear policies on cybersecurity and training for staff are the best form of defence for the Australian research and education community.
In a previous post, we provided information on how to protect your university from ransomware attacks. Here, we offer some advice on what to do if the worst happens and your university is attacked.
By Louise Schuster, AARNet’s Director, Cyber Security
A UK survey recently found that the majority of UK businesses hit by ransomware take a week or more to recover and suffer thousands of pounds damage a day. For 15% of those hit, the data encrypted by ransomware was not recoverable. In short, the impact of a ransomware attack on business operations can be significant.
Here are some steps you can take when faced with a ransomware attack:
If you can’t identify the ransomware, then there’s a chance it could be fake. In such cases, your files will not be encrypted; the attacker simply pops up a message which locks your screen. The ransom demand typically shows up inside a browser window and doesn’t let the user navigate away, or it locks the screen and displays a dialog box asking for an encryption key.
Having a clearly documented and agreed upon incident response plan that outlines in detail what steps the organisation will take to respond to a ransomware compromise (covering detection, containment, eradication and recovery) is critical for timely and effective remediation. The plan should be ‘tuned’ for your organisation and regularly tested to ensure it will work effectively.
In the absence of this plan, we recommend the following course of action, documenting the steps throughout this process.
Note: Cyber-insurance may provide some cover for costs incurred by ransomware infections. Ensure you understand the specific terms of your policy.
We would like to acknowledge Nick Ellsmore from Hivint for assisting with developing this advice.
Useful websites for more information:
May 17, 2017
Over the weekend of 13 & 14 May, hundreds of thousands of computer systems at government agencies, hospitals and companies in dozens of countries were affected by the malicious WannaCry cyber attack, which locked computers and held files to ransom. Australia is among the countries affected. Here, Edward Farrell, Director & Principal Consultant at...
Apr 5, 2017
Machine learning is offering insights into the behaviour of malicious bots by tracking them as they evolve over time to evade detection. It’s a powerful tool, but it’s not the only one needed to keep students safe in increasingly online learning environment explains Miranda Mowbray, a researcher in machine learning...
Feb 7, 2017
With an increasing number of universities around the world reporting ransomware attacks and the threat showing no signs of going away, clear policies on cybersecurity and training for staff are the best form of defence for the Australian research and education community. By Louise Schuster, AARNet’s Director, Cyber Security During our...