Howard University Ransomware Attack Disrupts Classes, Many Unknowns Remain
Federal officials warned of cyberattacks over the Labor Day weekend.
![Howard University](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blte82afde37bd09ca5/652445fdb7cd5394d0f18c9b/Howard-University.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Nigel Thorpe is technical director at SecureAge. He said ransomware attacks catch every organization off guard.
“Most believe that they have adequate IT security measures in place, including anti-malware and IT security training for end users,” he said. “The problem in the education sector is that the user population connected to the network includes a wide range of students with little experience in IT security. There is no shame in even the most experienced IT administrator being duped into falling for a carefully crafted phishing or social engineering attack, so ordinary users should certainly be forgiven.”
Damage from ransomware attacks is usually threefold once network access is gained, Thorpe said.
“Firstly, the cybercriminal will spend time exploring the targeted network, stealing any data they can find,” he said. “Information can not only be found on file shares and databases, but also on endpoint devices. Stolen data is frequently used as a part of the ransom demand. The data is effectively held hostage, with the threat of public release or of use in further criminal activity if the ransom is not paid.”
The second aspect of the attack is where the cybercriminal runs some malware that works its way around the network, transforming stored data so that it becomes useless, Thorpe said.
“This effectively shuts down IT systems across the organization and is usually a process that happens quickly so that administrators have little time to react,” he said. “Access to the key which unlocks the data is (sometimes) provided when a ransom is paid.”
The ongoing cost is the third aspect of damage, Thorpe said. Even if the ransom is paid, there is significant time and cost involved in recovering all systems.
“Many organizations involve a third-party specialist to help in forensic analysis of the attack, systems and data recovery, and implementing measures that attempt to block further similar attacks,” he said.
Schools and other organizations frequently rely on IT system end users to make security decisions such as whether to open an email attachment, or whether a website link looks legitimate, Thorpe said. These are not decisions that most people should be making.
“Tools should be in place to block all unknown apps from running,” he said. “In the education environment, this may be impossible for students’ own devices, but the core network and systems of the school should be protected in this way. While student devices may then need to be recovered, the core school network will not be affected, so costs of recovery are then minimized.”
Organizations in general need to stop relying on end users to make security decisions, Thorpe said. They’re not qualified, they’re busy and have their day job to worry about.
“The common technology used to prevent ransomware and malware tries to identify bad stuff, whether it’s by signatures, patterns or behavioral analysis,” he said. “However these tools work, they rely on previous knowledge of what attacks look like. The problem is that cybercriminals are experts in innovation, so historical knowledge is no use for new, innovative attacks.”
Moreover, schools are a hot target because they tend to be less well defended than commercial organizations, Thorpe said. This may be due to funding, but the diverse student population is the easiest way in for the criminal.
“The ransom payouts may not be so great with schools but the outlay for the criminal in terms of time and money is also low,” he said. “Ransomware-as-a-service is easy to locate and low cost so the effort involved is minimal. But a successful attack is made more likely due to the lack of experience in IT security within the student population.”
Sam Curry is chief security officer at Cybereason. He said the Howard University attack is yet another reminder that no one is immune.
“It isn’t surprising that higher education institutions are targets, because they have wide attack surfaces that are oftentimes poorly secured,” he said. “With the start of a new semester and millions of students returning to college campuses, threat actors know that colleges are likely to quickly pay the ransom because they want to minimize damages caused by a prolonged lockdown. However, paying a ransom doesn’t guarantee a fast return to normalcy. In fact, a recent Cybereason study of more than 1,000 businesses showed that 80% of businesses that paid a ransom were hit by a second ransomware attack.”
Curry’s advice? If you can at all avoid it, don’t pay the ransom.
“In some cases, you can’t legally pay as with funding terrorism and organized crime, but it’s never a good idea to pay unless the cost of doing so affects human life, public safety or is existential,” he said.
Bob Rudis is chief data scientist at Rapid7. He said opportunistic ransomware events can happen at any time to almost any organization that is not fully prepared for them.
“We can expect more education institutions, municipalities and health care facilities to fall victim to these attacks throughout the coming months as attackers continue to capitalize on still near-bulletproof tactics and techniques,” he said. “It is vital that organizations work towards the goals outlined in the Institute for Security and Technology (IST) Ransomware Task Force report and make heavy use of free resources such as stopransomware.gov to shore up IT practices and help put an end to this scourge that is increasingly impacting more and more of our daily lives.”
Hackers chose Labor Day weekend to launch a ransomware attack against Howard University, one of the largest historically Black schools in the United States.
The ransomware attack shut down the campus Wi-Fi and the university canceled classes on Tuesday. In-person classes resumed Wednesday, but online classes remain canceled until at least Thursday.
“We are continuing our full assessment of all university academic, communications and service systems for vulnerabilities,” the university said in its latest update. “Our response committees are currently developing an isolated server environment that will allow protected online and hybrid instruction.”
Faculty, staff and students should expect audits concerning devices and access credentials associated with university work and operations.
“These audits will require sweeping of phones, laptop and other digital work tools, which may be susceptible to data breaching,” the university said. “All university usernames, email addresses and other login credentials will be verified for authenticity, access privileges, and activity. We will continue to keep you updated on expected timelines for the restoration of campus wireless access. We are working on standing up Wi-Fi in the safest environment possible.”
Labor Day Weekend Warning
Last week, Deputy National Security Advisor Anne Neuberger warned of potential attacks over the long weekend. She said attackers may focus on SOCs that are understaffed or have fewer personnel on duty because of vacations.
“And indeed, a long weekend can sometimes make attackers feel they have extra time to navigate in a network before they are detected,” she said.
Hackers targeted Kaseya just before the July 4th weekend, and JBS USA, part of the world’s largest meat supplier, over the Memorial Day weekend.
The impact of the Howard University ransomware attack is still unfolding and students are receiving information via daily emails.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.