Cambrian college, a Canadian university based in Sudbury, Ontario, recently fell victim to a severe ransomware attack which disabled the majority of the functions and services designed for students and professors of the university.
According to the representatives of Cambrian college, the ransomware specifically targeted servers and databases of platforms used by students and professors throughout the school year. Although it is still undisclosed whether this attack was purposely carried out on the students and college faculty members, one of the faculty members told a local publication that the hacker behind the ransomware attack most likely had a full understanding of the school’s infrastructure and internal IT system.
“This was a very carefully planned attack. The virus knew exactly which program codes to hit and cause the most damage to the school’s reputation, student marks and records, student on-line work and presentations, all online courses, email servers, basically anything academic related. It did not strike Human Resources, Finance or Administration, far easier targets in general, and could tie the school up financially. This sounds more like revenge than a money grab,” the faculty member said.
For the most part, the claims of the faculty member is accurate. If ransomware encrypts the servers and databases wherein sensitive and confidential material of the college is stored, such as financial data and administrative information, it can have a much larger impact on the institution and could gain a better leverage to demand payments with.
However, by targeting the platforms used by students and professors, the hacker prioritized on the enforcement inconvenience to the school community. Due to the ransomware attack and the university’s decision to not settle the 30-bitcoin ransom payment, which is equivalent to around $45,000 at the time of reporting, most of the servers which students and professors rely on were encrypted and important information such assignment deadlines, grades and comments of professors were locked.
As a result, new deadlines were set and professors were asked by the university to re-grade the students accordingly.
Rick Daoust, chief information officer, Cambrian College, stated:
“Ransomware is a virus that installs itself on your system and it attacks any files that it can access and encrypts them so you can no longer open them. It asks for a payment in order to get a key so that you can access your files again. As of right now we have no knowledge of the origin of this hack but we know that it was a deliberate action that bypassed our security system.”
Daoust admittedly told BayToday, a Canadian publication, that one of the students attending Cambrian college was previously targeted by a ransomware attack in the past. However, the university did not closely investigate the case and dismissed it because it thought it couldn’t affect a larger ecosystem of servers and databases.
He further emphasized that the concept of ransomware and bitcoin payments are outside of the university and his area of expertise. Daoust confirmed with BayToday that the university and an investigative team will closely look into the case to ensure that such event does not occur in the future.
“It’s a bit outside of my area of expertise but these payments would be done through the dark web (a part of the web that is only accessible through special software, where users are anonymous and untraceable), so it’s not as simple as just tracking a payment address. We’re going to have to review our security once this is all sorted out and open an investigation to find out the source of this virus. We’ve never had to deal with something like this so I just want to thank students and staff for being patient while we work to get things back to normal.”
As DeepDotWeb reported in October of 2016, a new research initiative revealed the education industry is targeted the most by ransomware attacks. According to security ratings provider BitSight, 13 percent of education providers and institutions are hit with ransomware attacks on a regular basis. In order to build resilience toward these attacks, universities must ensure that databases, servers and files are backed up and secured.