Ransomware attacks

Ransomware | 28 June, 2022

What is ransomware?

Ransomware is a form of malware (malicious software) used by attackers to gain access to your data, which is then encrypted and rendered useless until a ransom is paid. Ransomware attacks are on the increase and have become a common threat faced by universities and other organisations of all kinds.

A notable example of an institution which has been affected by ransomware is the University of California at San Francisco, which paid $1.14 million to regain access to their data in 2020.

How does ransomware work?

The attackers start by gaining access to a network, then deploy code to encrypt the data, and finally demand a ransom in exchange for the decryption keys. There are cases where attackers have demanded a larger ransom after finding out that the data is highly sensitive, or have not provided the decryption keys even once the ransom has been paid. Therefore, user awareness and a strong network infrastructure are key aspects of an organisation’s defence against ransomware.

How can we prevent LSE from being affected by ransomware?

While it is impossible to entirely ensure that LSE will not be attacked by ransomware, there are measures which can both reduce the chances of this happening and mitigate the effects if it does happen.

1) Back up your data!

  • Regularly back up your data and check that you know how to access these back-ups.

  • Hackers actively look to encrypt data back-ups to increase the likelihood they will receive payment. Keep your backed-up data in a separate location (network) from the original data. This could mean an offline back-up or a cloud service. Ideally, you should keep multiple back-ups in multiple locations.

  • If you are using cloud services to back up data, ensure that the service does not automatically update back-ups when the original data is changed. If it does, then in the event of a ransomware attack the back-ups will automatically become encrypted as well.
  • If you are restoring any data from back-up locations, scan it for malware first.
  • You can read more about how to back up your data on NCSC’s website.
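
The back-up advice above (separate location, no automatic overwriting when the originals change), sketched as an added example that is not LSE's own tooling. The function names, the ISO-date snapshot labels and both thresholds are assumptions chosen for illustration, and `os.urandom` stands in for encrypted file content.

```python
import hashlib, math, os, pathlib, shutil, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(root):
    """Map each relative file path to (SHA-256, entropy of the first 64 KiB)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                data = f.read()
            out[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return out

def snapshot(source, backup_root, label, max_damaged=0.5, max_entropy=7.5):
    """Copy source into a NEW snapshot directory; refuse if most files look destroyed."""
    current = manifest(source)
    older = sorted(os.listdir(backup_root))  # ISO-date labels sort chronologically
    if older:
        previous = manifest(os.path.join(backup_root, older[-1]))
        # Damaged = missing from the source, or changed into ciphertext-like content.
        damaged = [p for p, (digest, _) in previous.items() if p not in current
                   or (current[p][0] != digest and current[p][1] > max_entropy)]
        if previous and len(damaged) / len(previous) > max_damaged:
            raise RuntimeError(f"snapshot refused: {len(damaged)} of {len(previous)} files damaged")
    return shutil.copytree(source, os.path.join(backup_root, label))  # errors if label exists

def demo():
    """Constructed scenario: one good snapshot, then every file is overwritten."""
    with tempfile.TemporaryDirectory() as work:
        source, backups = os.path.join(work, "documents"), os.path.join(work, "backups")
        os.makedirs(source); os.makedirs(backups)
        for i in range(4):
            with open(os.path.join(source, f"notes{i}.txt"), "w") as f:
                f.write(f"Lecture notes, week {i}\n" * 200)
        first = snapshot(source, backups, "2022-06-27")
        for name in os.listdir(source):  # random bytes stand in for encrypted content
            with open(os.path.join(source, name), "wb") as f:
                f.write(os.urandom(4096))
        refused = False
        try:
            snapshot(source, backups, "2022-06-28")
        except RuntimeError:
            refused = True
        intact = pathlib.Path(first, "notes0.txt").read_text().startswith("Lecture notes")
        return refused, intact
```

Because every run writes a new directory, the last good snapshot survives even when the check is bypassed or the thresholds are set too loosely.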

2) Be cautious!

  • When you receive an email that you are not expecting or that looks suspicious, forward it to phishing@lse.ac.uk so that we can check it for you.
  • Carefully check any links that you are clicking and webpages that you are redirected to.
  • Use a VPN when connected to non-LSE WiFi, and especially when you are using public WiFi. A VPN (virtual private network) adds anonymity to a user when browsing webpages. VPNs don’t protect you from viruses themselves, or malicious attachments, but they can help prevent your credentials from being harvested by attackers lurking on insecure networks.
  • Make sure all data is being handled with the rule of least privilege - this means only giving access to those who require it. Continuously review who has access to what data and adjust it accordingly.
  • Update your devices regularly because old versions of software have known vulnerabilities which criminals can exploit.
  • Install anti-virus software on your devices. We would recommend Avast or Malwarebytes.
  • Finally, make sure you have completed the Cyber Security course on Moodle!

In the case of a suspected ransomware attack, you should immediately disconnect the device from all network connections, turn it off, and then inform the cyber security team about the incident straight away so that we can advise you further.

Please contact dts.cyber.security.and.risk@lse.ac.uk or phishing@lse.ac.uk for further questions and support.

 Here are a few more helpful links: