UK universities targeted in wave of ransomware attacks

Freedom of Information requests reveal how universities are being targeted by ransomware extortionists

Universities in the UK are being targeted in a wave of ransomware attacks, with one university on the receiving end of at least 21 in just one year.

The news was revealed via a string of Freedom of Information (FoI) requests filed by security company SentinalOne.

It submitted FoI requests to 71 universities across the UK and found that 63 per cent admitted being targeted by ransomware, while 56 per cent had been attacked at some point in the past year.

Thirteen of the 71 universities contacted refused to answer because it could damage their "commercial interests", while two indicated that they don't even have any anti-virus software in place that ought to prevent such attacks.

The worst affected university is Bournemouth, which was the victim of 21 attacks in the past year.

Jeremiah Grossman, chief of security strategy at SentinelOne, described the situation as "deeply concerning".

He continued: "The fact that all but one of those suffering a ransomware attack had an anti-malware solution installed confirms the abject failure of traditional solutions to protect against the new virulent strains of ransomware."

Fees demanded to decrypt data ranged from £77 to £2,299, usually in bitcoins. Only one university, Brunel, contacted the police about an attack.

However, despite the damage ransomware attacks can cause, not one of the universities that responded to the FoI requests said they had ever paid a ransom. This is perhaps surprising as many organisations, including police forces, have paid up to minimise the impact.

Grossman was a tad sceptical of these responses, although he suggested that if ransoms were not being paid, it could be that those behind the attacks have other motives than merely making money.

"The fact that 65 per cent of those universities suffering an attack were the victim of repeated attacks, where no ransom was [allegedly] paid, may prompt us to question the motives of the adversary as more than purely financial," he said.

The scourge of ransomware is affecting all types of end users. A survey earlier this year found that the majority of UK companies have been hit at some point by ransomware and that many have paid out to regain access to files.

However, there are efforts to fight back. Intel Security, Kaspersky Lab, Europol and the Dutch National Police recently teamed up to launch the No More Ransomware portal in response to the rising threat.