University College London hit by ransomware attack following May’s WannaCry episode

Only a month after the WannaCry attack that affected around 250,000 networks across the world, it seems that ransomware is back in the headlines again with an attack on University College London, one of the largest universities in the UK with over 10,000 employees and nearly 40,000 students. The attack affected its internal shared drives and resulted in several NHS Trusts in the UK shutting down their own servers as a precaution.

UCL first reported the attack on Wednesday with the Information Services Division (ISD) posting that “UCL is currently experiencing a widespread ransomware attack via e-mail. Ransomware damages files on your computer and on shared drives where you save files. Please do not open any e-mail attachments until we advise you otherwise. To reduce any damage to UCL systems we have stopped all access to N: and S: drives. Apologies for the obvious inconvenience that this will cause.”

To help reassure those at the university who rely on access to the shared drives, the ISD later added that: “We take snapshot back-ups of all our shared drives and this should protect most data even if it has been encrypted by the malware. Once we’re confident that the infections have been contained, we will then restore the most recent back-up of the file.”

Having an effective back-up programme is one of the best ways in which to protect against the impact of a ransomware attack. If data is backed-up and the organisation experiences a ransomware attack then that ransomware can be isolated and cleaned from the network, with all data then restored from the back-up. It’s not necessarily an easy process, but it means that the organisation doesn’t lose all of its data and doesn’t pay a ransom.

Unlike WannaCry which was reported to have infected systems using out-of-date software, this attack on UCL was the result of users clicking on a malicious link. First it was reported to be the result of a phishing e-mail, but later it was confirmed to be the result of users accessing a compromised website.

It’s this type of activity that featured so prominently during Business Continuity Awareness Week 2017, with a report published by the Business Continuity Institute demonstrating that each and every one of us can take simple steps to improve cyber security. One of those steps is to exercise more caution when clicking on links.

“It’s encouraging to see that, once again, the potentially damaging impact of a cyber attack has been prevented by UCL having processes in place to deal with the threat,” said David Thorp, executive director of the BCI. “This is business continuity in action, and while it may not prevent the disruption in its entirety, it ensures that it doesn’t escalate further into a crisis.”

Bolstering human defences

Sarah Janes, managing director at Layer 8, explained: “Following UCL falling victim to a ransomware attack, the time is now for universities to acknowledge they’re at risk and bolster their human defences. Pinpointing the specific risk is always key to determining the preventative measures that organisations need to take. Risk defines both the most valuable assets an organisation holds and the vulnerabilities in its defences. Universities hold valuable data on each individual student which, if accessed by criminals, could damage their financial and reputational status.”

Janes continued: “Employees need to have a clear and informed understanding that a critical aspect of their job role is now guarding data and defending their business assets from criminals. There’s only one way in which to instil a strong human factor cyber security presence in large organisations such as universities and that is to integrate security into every meeting, every appraisal and every planning session. Security needs to be on every agenda.”

Emboldening this theme, Janes observed: “Security advocate networks are an excellent starting point. A strong and proactive culture which spreads Best Practice behaviours throughout the organisation is essential. Given the opportunity to talk, share anecdotes, learn from each other and access resources to find out more, people fuel the conversation and facilitate its spread across the organisation. This model is particularly suited to the university environment where effective communication is the daily currency of an organisation.”

In conclusion, Janes told Risk UK: “It’s the individual that’s never really had the opportunity to give any serious thought to cyber security who’s the biggest vulnerability because they’re the one most likely to click on that link.”

About the Author
Brian Sims BA (Hons) Hon FSyI Editor, Risk UK Pro-Activ Publications

Related Posts