Skip to the content

Ransomware attackers target universities


Replies to FoI request point to a growing threat of blackmail from internet criminals

More than half of the universities responding to a freedom of information (FoI) request acknowledged that they have been the target of a ransomware attack.

Of the 58 that answered, 63% said they had been subject to an attack and 56% said it had happened in the past year. One admitted that it had been attacked 21 times in 12 months.

End point protection company SentinelOne submitted the FoI requests to establish if ransomware is a significant problem for academic institutions. 13 of the 71 approached refused to respond, claiming it would damage their commercial interests.

A ransomware attack involves planting malware that encrypts the victim’s data and demanding payment for the decryption key. It can be spread through email attachments, infected programs and corrupted websites, and has reportedly become more common as the attacker can obtain money more quickly than through attempting to sell the victim’s data.

The FoI request showed that most of the universities suffering attacks had an antivirus solution in place, although Oxford and Kings College London admitted they did not have it.

None of the universities admitted to paying a ransom, but only Brunel contacted the police, most preferring to deal with it internally.

Lucrative targets

Ginaluck Stinghini, assistant professor in the Department of Computer Science, University College London, said: “These findings shine a light on the growing ransomware threat and the fact that universities are seen as potentially lucrative targets.

“The high proportion of attacks, and the fact that many have been hit multiple times, could be down to a number of factors. They hold sensitive data on staff and students which makes them attractive in the eyes of cyber criminals.

“From the evidence provided in this study, it appears that cyber criminals ask for more money in attacks against universities than they do when they target the general public. eMail addresses for staff are often in the public domain which means that potentially the entire staff could be targeted at once, increasing the chance for successful infections. 

“It could also be that they’re motivated by instances of other institutions reportedly paying out the ransom demands.

“All these factors combined underline the need for vigilance in the face of this increasing threat, from opening email attachments, to updating systems and back-ups for data.”

Photo: iStockphoto/Henrik Jonsson

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.