SUMMARY
This is AI generated summarization, which may have errors. For context, always refer to the full article.
A recent white paper by cybersecurity firm Sophos detailed how the education sector was one of those hardest hit by ransomware attacks.
Ransomware is a type of malware which prevents users from accessing their system, usually through the locking of a computer’s files or of the system itself, until a ransom is paid to unlock the affected systems.
The survey, titled “Sophos State of Ransomware in Education 2021,” polled 5,400 IT decision-makers, and included 499 education IT managers in 30 countries across Europe, the Americas, Asia-Pacific, Central Asia, the Middle East, and Africa.
Sophos found that among the surveyed educational organizations, 44% had been hit by a ransomware attack.
Among those hit by a ransomware attack, 58% said the attackers succeeded in encrypting the organization’s data. Meanwhile, 35% of the organization who had their data encrypted paid the ransom to get their data back in the most significant ransomware attack they encountered.
While the average ransom payment of US$112,435 was lower than the global average of US$170,404, the organizations who paid to get their data back only got back around 68% of their data, with only 11% getting back all the encrypted data.
Of course, the payment of the ransom isn’t the total cost incurred for trying to recover from a ransomware attack. Sophos said the average bill for rectifying a ransomware attack in the education sector – if downtime, people time, device cost, network cost, lost opportunity, the ransom being paid, and other issues are considered – was about $2.73 million, or the highest across the business sectors surveyed by the cybersecurity firm.
Of the educational organizations queried, 55% used backups to restore data after being attacked, while 90% of these organizations had a malware incident recovery plan in place in the event of an attack.
Sophos recommendations
Sophos made a short list of recommendations for educational organizations to take note of in the future considering the prevalence of ransomware attacks in the sector.
Organizations should assume they will eventually be hit by a ransomware attack and should have a malware recovery plan in place for the eventuality.
As such, they should have data backups, and Sophos recommends a “3-2-1” approach for backups. Said the firm, “You should have at least three different copies (the one you are using now plus two or more spares), using at least two different backup systems (in case one should let you down), and with at least one copy stored offline and preferably offsite (where the crooks can’t tamper with it during an attack).”
Organizations should also use layered protection to block attackers at as many points as possible across an organizational computing environment, preventing them for accessing the network. They should also combine having human experts with anti-ransomware technology so while the experts can check for telltale signs of attack, the technology can be used to help automate and inform the process further.
Sophos also recommended not paying the ransom, given that you’ll likely only get up to two-thirds of your data back.
Said the cybersecurity firm, “We know this is easy to say, but it’s far less easy to do when your organization has ground to a halt due to a ransomware attack. Independent of any ethical considerations, paying the ransom is an ineffective way to get your data back. If you do decide to pay, be sure to include in your cost/ benefit analysis the expectation that the adversaries will restore, on average, only two-thirds of your files.”
The full report by Sophos is available here. – Rappler.com
Add a comment
How does this make you feel?
There are no comments yet. Add your comment to start the conversation.