A ransomware attack last spring at Simon Fraser University (SFU) reportedly compromised the personal information of about 250,000 students, faculty and alumni. The bad actors breached a database that contained the personal information of every person who joined the school before June 20, 2019.
The information included student and employee identification numbers, full names, birthdays, course enrolments and encrypted passwords. Accounts were also linked to staff and retirees.
The school had previously faced similar ransomware attacks, but not of this scope. Data from web forms was compromised, including online applications for teacher assistant positions, financial aid advising and admission deferral requests.
“We are seeing an uncommon but increasing trend of cybercriminals carrying out ransomware attacks by not only encrypting organizations’ systems but compromising and stealing data in the process while the security team is distracted. Only a small percentage of ransomware attacks take this extra step today, likely because it increases the risk of detection and identification of the attacker. The ones that do take this route, like in the case of Simon Fraser University, are likely motivated by the extra profit they could gain by selling the data on the Dark Web,” says Torsten George, cybersecurity evangelist, Centrify.
George goes on to offer a few tips to minimize exposure to ransomware. “Overall, there are a few basic steps that an organization can take to minimize their exposure to ransomware attacks. First, implement security awareness programs to educate employees on how ransomware is being deployed and how to avoid spear-phishing attacks. Frequently update anti-virus and anti-malware with the latest signatures and perform regular scans. Create an application whitelist, allowing only specific programs to run on a computer. This should include the disabling of macro scripts from Microsoft Office files transmitted over email. And finally, back up data regularly to a non-connected environment and verify the integrity of those backups regularly,” he says. “In addition, to prevent bad actors from accessing critical systems, infrastructure and sensitive data, an effective privileged access management solution using a Zero Trust approach is key. By verifying who is requesting access, the context of the request, as well as the risk of the access environment, organizations can minimize the impact of a ransomware attack and prevent malware from spreading through a network.”