Widespread Ransomware Attack Targets Stanford University and University of California

The authorities at the University of California and Stanford University have confirmed the news of a widespread ransomware attack that has targeted them.

The attack used a vulnerability in the third-party secure file transfer application Accellion. According to CBS, officials at the University of California have revealed that the attackers published online screenshots of personal information.

Further, it was reported that the medical school of Stanford University was targeted by this attack.

“Stanford University School of Medicine has learned that cyber criminals have claimed they have stolen some School of Medicine data as part of a cyber incident affecting a third-party file-sharing service, called File Transfer Appliance (FTA), provided by Accellion Inc. The breach was part of a larger national cyberattack on universities and organizations that use the Accellion FTA.”

“We are investigating this incident and we have reported the incident to law enforcement. We are working to determine whether individuals’ personal data has been affected, and we will notify any affected individuals.”

Furthermore, the University of California has also confirmed that they have received emails threatening to publish the data. In their view, this is being done to force them to pay the ransom.

According to an update, in this case, it has been found that this cyber attack affected 300 organizations which include universities, government institutions, and private companies.

Many other schools have reported cyber attacks recently. This list includes Yeshiva University, University of Maryland, University of Colorado, and the University of Miami. In the majority of these cases, personal data was stolen using the same method — exploitation of a vulnerability in the Accellion file transfer service.

Cyber Attacks Targeting Educational Institutions: A Rising Trend

As coronavirus has tightened its grip over the world, organizations have been forced to go virtual. This has its own advantages but it needs alertness and vigil for ensuring that organizations don’t lose chunks of information and money to cyber attacks.

Cyber criminals are looking for opportunities to take advantage of the lack of cyber security awareness and urgency of work. Video conferencing apps are spoofed and used for phishing attacks. Sometime back, there was news that cyber criminals have started impersonating popular videotelephony app Zoom for carrying out phishing attacks.

Furthermore, the University of California San Francisco admitted to having paid $1.14 million in Bitcoin to recover encrypted files after a ransomware attack in June 2020. This doesn’t end here. A 2020 poll that included 103 higher education institutions from the UK revealed the following details:

What Makes the Education Sector a Lucrative Target for Cyber Criminals

As educational institutions have almost negligible tolerance for disruption and delay in routine work, along with inadequate knowledge and measures, they end up being an attractive target for cyber attacks.

Apart from this, educational institutions store immense amounts of data of their staff and students. Any manipulation or theft of such data can bring down their whole system. Therefore, educational institutions become particularly vulnerable to ransomware attacks.

Cyber attacks on educational institutions can also be a part of attempts to disrupt or delay or terminate ongoing research on an important subject by an enemy country. As the importance of educational institutions grows, the threat of cyber attacks on them grows alongside.

Defending Against Cyber Attacks

With the rising incidents of cyber attacks on educational institutions, they are left with no options but to prepare a defense against these attacks. Any cyber security expert will tell you that anti-virus software is not an all-in-one solution to your cyber security problems. Ensuring a robust cyber security arrangement requires a multidirectional approach.

Mentioned below are some security measures that educational institutions can adopt in their efforts to save themselves from cyber threats:

Conclusion

As it can be seen from the recent ransomware incidents that involved Stanford University, the University of California, and many others, it’s become a necessity for educational institutions to adopt a proactive approach towards cyber security. Prevention rather than mitigation should be the way to go forward.

What would be your advice to educational institutions facing the risk of cyber attacks on securing their data and systems?

We are cyber security solutions providing firm, helping a diverse range of industries globally to strengthen and secure the triad of People-Process-Technology.