Ransomware Resilience

Last updated: October 28, 2024
Audience: StaffResearchersIT Staff / Technical

Ransomware is a type of malware (malicious software) that cyber thieves and other adversaries use to infect computers, devices, and networks, and block access to data until a sum of money is paid. Ransomware attacks have impacted universities, businesses, hospitals, and public utilities worldwide.

Impact on universities

Security firm Sophos reports that average ransomware recovery costs for higher education institutions has skyrocketed to $4.02 million in 2024, up from $1.06 million in 2023, and 41% of organizations took more than a month to recover compared to 25% in 2023.

How do ransomware attacks occur?

After initial access through exploited software vulnerabilities, compromised credentials, or a successful phishing attack, adversaries may dwell on a university network and move from system to system, ultimately deploying malicious programs that lock up data and devices. In 2024, the most common root cause of attacks in the education sector has been exploited vulnerabilities in software, which occurred in 42% of cases. Compromised credentials was the cause in 23% of attacks, followed by malicious email (21%) and phishing (11%).

Phases of an attack

  • Initial compromise – Adversaries gain access to a system or environment, typically after a period of reconnaissance to identify weaknesses and vulnerabilities in university systems.
  • Persistence and defense evasion – The adversary gains access to a university’s networks, either through a successful phishing attack, a credential compromise, or by exploiting a software vulnerability.
  • Lateral movement – The adversary uses the initial access point to move to other systems and networks connected to the compromised device or network environment.
  • Encryption – Once inside the environment, adversaries will lock up or encrypt individual files, shared folders, devices, and/or multiple systems in the environment and demand payment, or a ransom, in exchange for a decryption key.
  • Data theft – Adversaries may also steal or exfiltrate data from compromised users or systems.
  • Impact – The affected organization suffers loss of access to data and systems, the threats of reputational harm and data exposure by adversaries, as well as recovery costs.

Keep UW data & systems ransomware resilient

Methods for avoiding ransomware attacks are consistent with best practices typically recommended for securing and protecting personal and UW institutional data, but backups are vital for mitigating recovery time and costs. So considering the root causes of attacks and the importance of backing up data, here are four ways to thwart attackers and prepare for quick recovery:

1. Keep software and systems updated and patched

  • Enable automatic updates on your operating system, and manually check if automatic updates are not available.
  • Review our Update & Patch guidance for more tips.

2. Protect your UW NetID credentials

3. Recognize and report phishing and other malicious emails

  • Be cautious of unsolicited emails, texts, or calls asking for personal information.
  • If you realize you’ve clicked a phishing link, contact help@uw.edu for guidance.
  • For personal computers, use Sophos antivirus software and keep it updated to protect against malicious software in phishing & malicious emails. UW community members can download Sophos for personal use free of charge.

4. Back up data and devices, and test and back up your backups

  • Regularly back up data to shared drives, cloud storage, and/or encrypted external drives.
  • Make sure backups can be restored quickly and test the restoration process regularly to ensure everything works before a security issue arises.

Find more tips on the Cyber Hygiene page.

Resources