In one of our previous articles, we talked about three cities in a single week that were held hostage to ransomware — and paid. Another recent, and major, victim is Monroe College in New York City. This time it’s a whopper, as the hackers who attacked the college’s IT system demanded nearly $2 million in Bitcoin. This is a significant increase from previous extortion demands, and experts warn that other institutions are now more vulnerable than ever to similar attacks.
How Did Ransomware Affect Monroe College?
The ransomware attack on Monroe College brought down its website and email system and created disruptions to online courses and operations at all three of the college’s campuses. The college hasn’t publicly stated if it paid the ransom, but while writing this, Monroe’s websites are now back and seem to be fully accessible.
How Was Monroe College Hacked?
Unfortunately, it is currently unknown which ransomware strain struck the college or how the attack was carried out. If the latest pattern holds, however, there’s a strong chance that it could have easily once again been a simple case of an employee opening an email and clicking on a malicious link. According to Bleeping Computer, it’s likely to be Ryuk, IEncrypt or Sodinokibi, which are known to target enterprise networks.
What Does the Future Hold?
To be perfectly honest, things are looking pretty grim right now. Ransomware technology is getting both stronger and more complex. And to make matters worse, the fact that ransoms are actually being paid is emboldening attackers to continue doing it — and for even higher extortions. In light of the attacks in the three Florida cities, Georgia and Baltimore in this year alone, this upward trend has led The United States Conference of Mayors to make a non-binding agreement to no longer pay ransomware demands. Additionally, the FBI discourages local governments from paying ransoms. The bureau says this only promotes more criminal activity, and it doesn’t necessarily mean those places will get their data back. The FBI also says most of these ransomware attacks can be prevented.
How Can You Protect Your Organization From Ransomware?
Ben Woelk, information security office program manager at the Rochester Institute of Technology, stated, “You need to train your community to recognize anything suspicious and report it ASAP.”
In addition, many colleges have started to use simulated phishing programs — deliberately sending fraudulent-looking emails to faculty, staff and students to see how they respond. Previously, many institutions were unwilling to take this approach because they didn’t want to “trick” their community, but according to Woelk, it’s increasingly seen as necessary. This may in fact be a good idea for your company, as well.
If you find yourself infected with ransomware, V2 Systems urges you not to pay the ransom. We’re not saying this because we want you to use our services to help you unlock your data and prevent this from happening in the future (although we certainly can help with that). Literally any alternative — even a competitor IT service — is a better option than giving money to criminals. Doing so will only make a bad situation much worse. And as much as that might increase our business, it’s not something we want to see. The cyber landscape is already dangerous enough.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION … We’ll handle the TECHNOLOGY!