Campus Review Volume 27. Issue 10 | October 17 | Page 29

Your money or your files

Australian universities are becoming prime targets for ransomware. Here are seven tips to help you protect your data.

By Sean Duca

Australian universities possess a massive amount of valuable data and information, and they rely heavily on technology for all aspects of their operations. Given this target-rich environment, it’s no surprise that universities are increasingly being attacked by ransomware hackers.

Ransomware is a type of malware that, once activated, locks key documents so they can no longer be accessed unless the victim pays a ransom. The ransom itself is usually carefully set to be affordable for the victim, making it look like paying up is, in the long run, a reasonable option.

While there can be a strong temptation to simply pay the ransom and retrieve the locked documents, it’s important for education institutions to realise that paying the ransom could do more harm than good. Victims who pay the first time only encourage attackers to hit them again, since they have proven themselves a lucrative source of income. Furthermore, hackers will often sell the data they’ve encrypted, so simply paying to regain access to the documents doesn’t completely mitigate the problem. Ultimately, paying the ransom may boil down to a business decision based on the time and effort required to restore files from backups versus the cost to obtain the decryption key from the attacker.

Globally, universities are experiencing the same risks, with 63 per cent of UK-based universities being targeted by ransomware. In May 2017, Chinese authorities said that 66 of the country’s universities were affected by the global WannaCry ransomware attack.

Education institutions will also remember the CryptoLocker ransomware attacks that silently encrypted files on Windows computers, along with files on any connected network storage or USB device. A number of Australian universities were hit by the malware attack.
There are seven key ways educational institutions can protect themselves from ransomware:

1. Conduct regular backups of data on PCs, shared drives and any other storage systems.
2. Verify the data on the backup system to ensure there are no surprises when restoring is required. This should already be a recurring practice as part of business continuity plans, but it’s worthwhile to validate this, since viable backups are integral to any ransomware remediation actions.
3. Scan and block suspicious files (such as portable executables) in all inbound email or web-browsing sessions.
4. Prevent the ingress of malware by using intrusion prevention systems (IPS) for known threats and sandbox analysis for zero-day threats.
5. Block outbound traffic to malicious URLs or sites, which may be part of the attack lifecycle for ransomware. Once the malware enters the network, it must exit again to deploy its payload, so blocking outbound traffic is crucial.
6. Prevent exploits and malware execution on PCs and servers with endpoint protection capabilities above and beyond antivirus and host IPS.
7. Contain any threats by segmenting the internal network to limit lateral movement and to minimise the fault domain.

It’s important to know that a ransomware attack is the canary in the coalmine: it’s a warning sign that a university’s security is not up to scratch. It’s crucial to react quickly and calmly to ensure another attack doesn’t occur. Simply paying the ransom will not be the end of the attack, so IT teams should revert to backed-up information and tighten security immediately.

Australian universities also face a duty of care for students to ensure they are protecting their information from ransomware threats. It is crucial that universities implement measures to help prevent ransomware threats from happening.

Sean Duca is vice-president and regional chief security officer, Asia Pacific, Palo Alto Networks.