Holding data hostage: Ransomware attacks in North Carolina higher education and how institutions can protect themselves

Story by Anna Neil

Graphic by Denise Kyeremeh

In the age of technology, people are not the only ones who can be held hostage. Hackers are increasingly employing ransomware technology to obtain data and hold it for reward.

Over the past three years, three North Carolina colleges and universities have each been hit by a ransomware attack. Guilford Technical Community College was attacked in 2020. In 2022, Guilford College and North Carolina Agricultural & Technical State University were attacked as well.

Ransomware attacks are on the rise. Verizon’s Data Breach Investigations Report indicates 25% of all breaches last year involved ransomware. In North Carolina, the share is even higher: 45% of reported breaches, according to the state’s data breach report.

So, what are ransomware attacks, and how can North Carolina’s institutions of higher education protect against them?

Ransomware in higher education

Ransomware is categorized under malware, or malicious software, according to the National Cyber Security Centre. Malware users can lock devices, steal or encrypt data, obtain credentials and more through this technology.

But what sets a ransomware attack apart is the request for payment in exchange for data.

Tom Jackson is the vice chancellor for Information Technology Services and chief information officer at N.C. A&T. He said ransomware attackers typically encrypt data so it is no longer useful or accessible to the victim, pausing operations. Attackers then charge ransom for the data decryption.

“So, it’s just like an old-fashioned kidnapping, where you’re taking the person and holding them for ransom,” Jackson said. “In this case, you’re just taking data and holding it for ransom.”

Much of this information is gold on the black market, where attackers resell it. The data may include names, birth dates, Social Security numbers and bank account information.

However, in November 2021, North Carolina passed a law prohibiting local government entities and state agencies from paying ransomware attackers. This law prevents community colleges and The University of North Carolina from making payments.

UNC-Chapel Hill Chief Information Security Officer Paul Rivers said that, if institutions continuously pay ransoms, attacks will continue.

“If they don’t get paid, it will start to deter these kinds of crimes,” Rivers said. “That’s not all it’s gonna take. There’s gonna have to be a whole lot more besides, but I’m just not in favor of paying that ransom. It just encourages them.”

According to Sophos’ State of Ransomware in Education 2022 report, of the higher education institutions across 31 countries that paid ransoms in 2021, only 2% got the entirety of their data back after paying. On average, 61% of the data was restored after paying.

“All you need is one”

In fall 2016, Will Pizio and Chafic Bou-Saba started the Computing Technology and Information Systems Department at Guilford. The Charles A Dana professor of justice and policy studies felt the school was several years behind in creating this major, but that it was a good fit for Guilford.

Pizio cited the multitude of personal information held at institutions of higher education, and the likelihood that students, faculty and staff will click on links, as reasons for ransomware attacks.

He said students, faculty and staff often do not pay attention to the links they click, making them an easy target. These links may be embedded in an email, sent by a hacker impersonating administration.

“Once they click, they still gotta get past defenses,” Pizio said. “It’s not like, once you click on the link, it opens you up to the labyrinth of college. You’ve gotta get through the defenses still; you’re past a couple layers of the onion by the time you do that.”

Rivers also cited the openness of research institutions — by nature — as a reason for their vulnerability.

“We want the broad use of technology, we want lots of experimentation, we want collaboration, we want all of that,” he said. “But a lot of that makes the challenge of securing that technology more difficult.”

Guilford has approximately 1,400 students, but it doesn’t take all 1,400 for a ransomware attack to occur.

“All you need is one who’s not paying attention for a split second,” Pizio said.

Leaked credentials are another key component of many ransomware attacks. As institutions try to keep up with cybersecurity, individuals are constantly logging into sites or using weak passwords. One way to avoid the harvesting of credentials is to use multi-factor authentication.

How to stay safe

For individuals, Pizio recommended creating strong passwords, avoiding clicking on links that may not be safe and keeping financial information off one’s phone.

“And part of the reason is, computers have a very long history of getting better and better security,” Pizio said. “Phones are brand new. And, you know, we click on things very, very quickly on phones.”

For colleges and universities, protecting against cyberattacks comes down to planning, according to Rivers. It is important to have the ability to detect a ransomware attack as it’s happening, playbooks for responding to attacks and 24/7 monitoring and coverage, he said.

“There’s a lot of discussion over, or preparatory work, to make sure you have log sources, to be able to understand what exactly happened, make sure you have appropriate backups that are offline and not accessible to an attacker,” Rivers said. “So, if you do need to restore, you’re able to restore, you don’t need that encryption key to get your data back.”

But, at the end of the day, Rivers stresses the importance of getting ahead.

“When you have the event, it’s kinda too late,” he said. “You know, and if that’s the first time you’re thinking about your plan, it’s gonna be a real mess.”

Anna Neil

Anna is a senior from New Hill, North Carolina, majoring in Journalism with a minor in Social and Economic Justice. She has worked for The Daily Tar Heel for four years, where she is currently a senior writer on University Desk. Over the past two summers, Anna has lived and worked in Atlanta, employed by a nonprofit which provides childcare and women’s programs to families experiencing homelessness. Her time in Atlanta inspires her desire to pursue a career in journalism, covering housing and poverty in under-resourced communities.
