The Threat of Ransomware and Ways to Prevent It
Higher education institutions, IT organizations and information security teams have a significant number of potential information security risks they need to manage, not to mention the compliance and audit-related activities needed to support their institutions. It's a difficult position for many, and budget restrictions in higher education make it harder still. The increase in the risk from ransomware and distributed denial-of-service (DDoS) attacks has received significant attention over the last year and has spurred many campuses to adopt new security controls and add tools to protect their institutions.
Ransomware is typically installed on a system or computer with the intent to disrupt or block access to data. A ransom is then requested for access to be restored. In some regards, ransomware is not dissimilar from other malware and viruses encountered by end users or security professionals. However, ransomware has received significant attention because of the high-profile attacks in higher education, healthcare and elsewhere.
Higher education could be susceptible to ransomware attacks for many different reasons, especially because among the most valuable resources a university has are its faculty, staff and intellectual property. Many information security teams have focused on protecting the confidentiality of their data as the highest risk because of the resource challenges they face on a daily basis. They haven't ignored the integrity or availability aspects of protecting the data, but have had to focus on the highest-risk areas. This has led to some difficulties when an institution is targeted with ransomware.
Most university information security teams have incident response planning as a core component of their information security planning. They will have incident response plans for many different scenarios like compromised accounts, servers, or endpoints, but may not have planned at the same level of detail for protecting against and responding to a ransomware attack. There are general resources in the community for institutions developing protection and response plans for ransomware attacks. The FBI has a ransomware brochure and the University of California, Berkeley has a good FAQ.
Some institutions have designed their systems for, or encouraged people to store data on, shared file servers or cloud storage systems, or have implemented endpoint backups. Encouraging people to store data on file servers or cloud storage systems makes it easier to share data and puts the data in a place that can be secured. Once the data has been saved to a file server, or even potentially the cloud storage system, the institution needs to back up the data to protect it, in addition to securing the file store. Endpoint backup has been less common because of the cost and management challenges. Given the potential impact and costs from ransomware, an institution may want to perform a tabletop incident response exercise. The exercise should include determining whether any sensitive data was exposed, so that the institution can estimate the potential costs of responding to a ransomware incident and decide how best to manage that cost and risk. Educause has a tabletop Contingency Planning Virtual Event in August to work through a disaster recovery exercise as an example. The increase in the risk and costs from ransomware might drive some institutions to look into new security controls to manage this risk.
Campuses that are interested in a solution for endpoint backup as part of protection against and response to ransomware attacks can turn to the NET+ portfolio for help. The portfolio includes NET+ CrashPlan, which is a good option for institutions investigating endpoint backup as a response to ransomware attacks. CrashPlan makes laptop and desktop protection and file recovery simple and secure for higher education. While running silently in the background, CrashPlan continuously protects data created and stored on faculty, staff and student laptops and desktops, automatically backing up data to the destinations of your choice: a private, public or hybrid cloud. Once ransomware is detected, you can select the versions of the encrypted files that were backed up prior to the ransomware and use CrashPlan to restore those files, significantly reducing the impact and loss.
During NET+ service validation, several member universities developed a unique offering for higher education through the NET+ program. CrashPlan integrates with the InCommon federated identity management program and utilizes the Internet2 Network infrastructure to give members high performance and endpoint backup benefits fine-tuned for the unique needs of higher education. Please contact Sean O’Brien if you have any questions about NET+ Code42 CrashPlan or Nick Lewis if you have questions about the NET+ Security and Identity portfolio.
Paul Howell and Sean O’Brien also contributed to this post.