U.K. Warns of Surge in Ransomware Threats Against Education Sector
The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.
This warning comes after the NCSC investigated an increased number of ransomware attacks on schools, colleges, and universities in the country in August.
A recent study conducted in the UK found that a third of all universities suffered a ransomware attack.
This study did not include a recent DoppelPaymer ransomware attack at Newcastle University, which refused to take part in the initial study.
Targeted weaknesses
Apart from warning about ransomware threats, the government organization also lists the common initial infection vectors seen for this type of cyber attack:
- Insecure Remote Desktop Protocol (RDP) configurations
- Vulnerabilities in unpatched software and hardware devices, especially equipment on the network edge, such as firewalls and VPNs
- Phishing emails
Once on the network, the attackers seek to move laterally, searching for high-value machines to encrypt. Backups, network shares, servers, and auditing devices are all targets.
“While these have been isolated incidents, I would strongly urge all academic institutions to take heed of our alert and put in place the steps we suggest, to help ensure young people are able to return to education undisrupted” – Paul Chichester, Director of Operations at the NCSC
Effective defenses
The NCSC recommends having an incident response plan and implementing a “defence in depth” strategy, providing general tips for disrupting the most common ransomware attack vectors.
Effective vulnerability management and patching procedures, along with properly securing RDP services using multi-factor authentication, are at the top of the list of recommendations.
Running updated antivirus software, having proper defenses against phishing, and disabling or setting up restrictions for scripting environments and macros can help thwart a large portion of cyberattacks, not just file-encrypting ones.
Implementing mechanisms for quick data recovery from up-to-date, valid offline backups is also included in the defense strategy against ransomware events.
For more specific action, the organization points to the recently updated guidance aiming to prevent malware attacks and to recover from ransomware incidents.
The spike in cyber attacks since schools all over the world started to resume activity has been noted by private security companies, too.
Kaspersky and Check Point published reports earlier this month about the education sector being a more frequent target since the beginning of the year, more so over the past two months.
In particular, the two cybersecurity companies noticed a surge in distributed denial-of-service attacks, although the threats varied from one region of the world to another.