With an increasing number of universities around the world reporting ransomware attacks and the threat showing no signs of going away, clear policies on cybersecurity and training for staff are the best form of defence for the Australian research and education community.
In a previous post, we provided information on how to protect your university from ransomware attacks. Here, we offer some advice on what to do if the worst happens and your university is attacked.
By Louise Schuster, AARNet’s Director, Cyber Security
A UK survey recently found that the majority of UK businesses hit by ransomware take a week or more to recover and suffer thousands of pounds damage a day. For 15% of those hit, the data encrypted by ransomware was not recoverable. In short, the impact of a ransomware attack on business operations can be significant.
Here are some steps you can take when faced with a ransomware attack:
If you can’t identify the ransomware, then there’s a chance it could be fake. In such cases, your files will not be encrypted; the attacker simply pops up a message which locks your screen. The ransom demand typically shows up inside a browser window and doesn’t let the user navigate away, or it locks the screen and displays a dialog box asking for an encryption key.
Having a clearly documented and agreed upon incident response plan that outlines in detail what steps the organisation will take to respond to a ransomware compromise (covering detection, containment, eradication and recovery) is critical for timely and effective remediation. The plan should be ‘tuned’ for your organisation and regularly tested to ensure it will work effectively.
In the absence of this plan, we recommend the following course of action, documenting the steps throughout this process.
Note: Cyber-insurance may provide some cover for costs incurred by ransomware infections. Ensure you understand the specific terms of your policy.
We would like to acknowledge Nick Ellsmore from Hivint for assisting with developing this advice.
Useful websites for more information:
Oct 18, 2017
Sep 27, 2017
Aug 10, 2017