The wave of ransomware attacks targeting North America’s schools and universities hasn’t stopped yet. 2016 was a very busy year for cyber criminals:
- University of Calgary paid about $20,000 to have data and systems unlocked after a ransomware infection.
- Ottawa’s Carleton University was targeted by a ransomware attack that impacted the information hub for course registration, admissions, payroll and other administrative services.
- Horry County Schools in South Carolina paid around $10,000 as a consequence of a ransomware attack that locked files across the network.
Only recently, Los Angeles Valley College admitted it paid $28,000 to regain access to key systems after being hit by a ransomware attack that locked access to the campus’s computer network, email, and voicemail systems.
Paying the ransom is never the best option
Although many companies don’t see any other solution than paying the ransom to regain control of their systems, the FBI strongly advises organizations not to follow this approach. Paying the ransom does not guarantee that cyber criminals will hand over the decryption key, and it is never a good idea to make a deal with criminals.
Ransomware and phishing come as a pair
Whether part of a targeted or random attack, ransomware usually comes from phishing emails. As soon as the recipient clicks a malicious link or opens a virus-infected attachment, the ransomware locks the end-point and – if it’s able – the entire system.
Here are a few suggestions to help protect your organization:
- Regularly back up data
- Secure your backups
- Educate your staff
By implementing an awareness and training program you can make sure your staff are aware of the risks they may encounter while doing their job and, more importantly, you can be assured that your staff understand and follow policies, procedures, and best practices about information security and cybersecurity.