A third of the universities in the United Kingdom responding to a freedom of information (FOI) request admitted to being a victim of a ransomware attack. These represent more than 25% of the universities and colleges in the country.
The incidents occurred in the past decade, most of them between 2015 and 2017. Several educational institutions suffered at least two file-encrypting attacks over the past decade, one of them recording more than 40 since 2013.
Digital PR and SEO agency TopLine Comms on June 29 submitted an FOI request to 134 universities in the U.K., asking if they had recorded a ransomware attack, when it happened, if they paid a ransom or not, and what the amount was if they did pay.
The interest was in Russel Group universities because their research focus indicates the most valuable intellectual property.
“Of the 18 Russel Group universities that responded, all but three refused to answer the questions submitted. The University of Manchester admitted it had been attacked but said it didn’t record when; the University of Sheffield was attacked in 2015 and the University of Edinburgh stated it had not been attacked in ten years” – Luke Budka
Many of the universities confirming a ransomware attack reported they dealt with attacks multiple times, with Sheffield Hallam University reporting a record number: 42 in the past seven years.
City, University of London (CUL) also recorded a higher number of such incidents: seven since 2014, the last two occurring in February 2017.
Ransom not paid
On the bright side, most of the respondents confirming falling victim to ransomware attacks said that they didn’t pay a ransom to the attackers, indicating that they restored affected systems from backups, although some were more reserved and declined to answer.
However, the results from the FOIA are a poor reflection of the recent period as close to half of all the schools receiving the solicitation refused to give any information, motivating with concerns that admission of attack would only encourage the hackers.
Yet, they said that their silence should not be interpreted as an admission or denial of being attacked. The University of Oxford, for instance, stated that “a successful attack [on them] would then be regarded in criminal circles as a noteworthy achievement, particularly in view of Oxford’s high public profile.”
Click here to view original web page at www.bleepingcomputer.com
