Although Labor Day is in the rearview, some Howard University students and staff saw their time off extended this week. The reason: a ransomware attack that has left the school offline, even days later.
On Tuesday, the university announced that classes were canceled, its network was shut down and it was working on an ongoing investigation following “unusual activity” on the previous Friday. So far, Howard said that no personal information was exposed and it’s working to get things back up and running. As of Friday, campus Wi-Fi is still down and only in-person and graduate school classes have started back up.
The school is currently working to detect any additional vulnerabilities in its system and working on developing an isolated server environment for hybrid and online classes. Students and staff can also expect audits and sweeps of laptops, phones and other mobile devices.
“Please consider that remediation, after an incident of this kind, is a long haul – not an overnight solution,” Howard said in a statement addressing the incident.
But Howard is far from the only university that’s experienced a cyberattack in recent years, and it’s a concern for many. Matt Donahue, a compliance and risk analyst at technology solutions and IT services provider Sentient Digital, said that the issue is becoming so common because many campuses are unable to install strong enough security measures.
He noted, though, that patterns are emerging, including the fact that many of these attacks are occurring on holiday weekends, like Labor Day in this case. The solution comes down to both technology and people, he said.
“Ransomware attacks are still a relatively new form of crime, so many people do not understand the risks of such attacks…” Donahue told Technical.ly “As technological advances improve our understanding of the behavior of ransomware criminals, universities are advised to analyze when their systems may be more vulnerable and assign skilled IT staff accordingly.”
Chuck Everette, director of cybersecurity advocacy at cybersecurity and deep learning firm Deep Instinct, noted that in 2021 alone, there have been 29 reported major attacks on the education sector. This is up from 2020, when there were 32 for the entire year, he said, and 35% of the victims of these attacks with encrypted data ended up paying ransom demands, according to Everette. The University of California, Stanford University and Michigan State all experienced cyberattacks in 2021. The University of Utah and the University of California, San Francisco both admitted to paying ransoms following 2020 cyberattacks, as well.
This means colleges and universities are pretty lucrative targets, especially considering the huge amounts of data schools collect on students and staff.
“Educational targets can be lucrative for cyber criminals due to the double extortion tactics they are now employing,” Everette said. Not only are they encrypting and disabling the environments of the victim and then demanding a ransom to restore it, they are now extracting data from the victims’ environment and then demand additional ransom to not publicly release the information.”
Donahue said that, going forward, universities should be maintaining encrypted backups of all data, and regularly testing their usage. They should also be stored offline, he noted, because cybercriminals will look for and delete backup information. Schools will not need to pay ransoms if the data remains in their hands, he said.
He also said universities should be developing cyber response plans, regularly training staff in the procedures and conducting drills to ensure a smooth response in a real attack. This will help identify the most critical threats so leaders can put resources there first.
“Universities need to know the best way to prevent these attacks is to be prepared ahead of time,” Donahue said.
Everette agreed, noting that going into the Thanksgiving and holiday breaks, schools need to be on high alert for a potential attack.
“Based on past experiences, we can safely say we are going to see a lot more attacks during this time, and IT and security professionals will need to be even more vigilant over holiday breaks than in the past,” Everette said. “We cannot let our guard down.”