“If they think a particular sector is particularly profitable, they will get into it again and again and again,” Mr Callow said. Schools need to take precautions such as implementing multi-factor authentication and promptly installing security updates, he said.
Last year, 1,043 schools in the United States fell victim to ransomware attacks Emsisoft analysis. Of these, 26 were colleges or universities.
Henry Stover, president and CEO of the Association of Governing Councils of Universities and Colleges, said the technology “touches almost every part of the academic enterprise,” including financial and health information for students and faculty, as well as data on donors. The loss of that data could be devastating, he added.
Austin Berglas, global head of professional services at BlueVoyant, a New York-based cyber defense company, said the average cost of a ransom attack aimed at a college or university is about $ 115,000, which is little compared to other sectors. Colonial Pipeline, a critical fuel pipeline operator on the East Coast, paid $ 5 million to recover data that was stolen during last year’s ransomware attack.
The decision to pay depends on factors, including whether the target institution detected and stopped the violation in a timely manner, Mr Berglas said.
An attack in November 2020 on Baltimore County public schools in Maryland forced the system to shut down for three days and erased data, including grades and lesson plans. In November, the cost of repairing the damage from the attack approached $ 10 million branch NPR WYPR. What were the requirements and whether the ransom was paid, the district does not say.
Some victims, such as Florida County Public School in Florida, the country’s sixth-largest, have publicly refused to pay. In March 2021, hackers demanded $ 40 million to prevent the release of confidential information, including financial contracts and social security numbers. A month later, cybercriminals posted about 26,000 files online, according to The South Florida Sun Sentinel.