With an increasing number of universities around the world reporting ransomware attacks and the threat showing no signs of going away, clear policies on cybersecurity and training for staff are the best form of defence for the Australian research and education community.
In a previous post, we provided information on how to protect your university from ransomware attacks. Here, we offer some advice on what to do if the worst happens and your university is attacked.
By Louise Schuster, AARNet’s Director, Cyber Security
A UK survey recently found that the majority of UK businesses hit by ransomware take a week or more to recover and suffer thousands of pounds damage a day. For 15% of those hit, the data encrypted by ransomware was not recoverable. In short, the impact of a ransomware attack on business operations can be significant.
Here are some steps you can take when faced with a ransomware attack:
If you can’t identify the ransomware, then there’s a chance it could be fake. In such cases, your files will not be encrypted; the attacker simply pops up a message which locks your screen. The ransom demand typically shows up inside a browser window and doesn’t let the user navigate away, or it locks the screen and displays a dialog box asking for an encryption key.
Having a clearly documented and agreed upon incident response plan that outlines in detail what steps the organisation will take to respond to a ransomware compromise (covering detection, containment, eradication and recovery) is critical for timely and effective remediation. The plan should be ‘tuned’ for your organisation and regularly tested to ensure it will work effectively.
In the absence of this plan, we recommend the following course of action, documenting the steps throughout this process.
Note: Cyber-insurance may provide some cover for costs incurred by ransomware infections. Ensure you understand the specific terms of your policy.
We would like to acknowledge Nick Ellsmore from Hivint for assisting with developing this advice.
Useful websites for more information:
Feb 7, 2017
With an increasing number of universities around the world reporting ransomware attacks and the threat showing no signs of going away, clear policies on cybersecurity and training for staff are the best form of defence for the Australian research and education community. By Louise Schuster, AARNet’s Director, Cyber Security During our...
Dec 16, 2016
DoS and DDoS attacks have become commonplace on the Internet, adversely affecting research and education institutions. It is important to note that there isn't one single way to deal with DoS and DDoS attacks, but here is some information about the types of attacks proliferating today, how AARNet deals...
Oct 11, 2016
With 90% Australians now regularly online, understanding how to get the most from the incredible digital resources on offer—in a safe way—is an important topic for most of us. This week (10-14 October, 2016) is the Australian Government’s Stay Smart Online Week , an annual reminder that cyber safety isn’t just a concern...