Howard University announced on Monday that it has been hit with a ransomware attack, forcing the school to shut down classes on Tuesday, according to a statement from the prominent HBCU.
The school said that on September 3, members of their technology team noticed “unusual activity” on the university’s network and shut it down in order to investigate the problem. They later confirmed it was a ransomware attack but did not say which group was behind the attack.
“The situation is still being investigated, but we are writing to provide an interim update and to share as much information as we safely and possibly can at this point in time, considering that our emails are often shared within a public domain,” Howard University said in a statement.
“ETS and its partners have been working diligently to fully address this incident and restore operations as quickly as possible; but please consider that remediation, after an incident of this kind, is a long haul — not an overnight solution.”
The school has contacted law enforcement and is working with forensic experts on the issue. They claim there is “no evidence of personal information being accessed or exfiltrated” but noted that the investigation is ongoing.
The school was forced to cancel all classes on Tuesday in order to address the issue and the campus is only open to essential employees. Even the campus Wi-Fi is down. They noted that some cloud applications will remain accessible to students and that they will continue to update students and faculty at 2pm each day.
“This is a moment in time for our campus when IT security will be at its tightest. We recognize that there has to be a balance between access and security; but at this point in time, the University’s response will be from a position of heightened security,” the school added.
“This is a highly dynamic situation, and it is our priority to protect all sensitive personal, research and clinical data. We are in contact with the FBI and the D.C. city government, and we are installing additional safety measures to further protect the University’s and your personal data from any criminal ciphering. You will receive additional communications from ETS over the course of the next few hours and continuing into the next few days, especially surrounding phishing attempts and how to protect your data online beyond the Howard University community.”
Howard University becomes yet another major educational institution to face a ransomware attack.
Emsisoft researchers found that there was a 388% increase in successful ransomware attacks on the education sector between the second and third quarters of 2020.
Comparitech researchers Rebecca Moody and George Moody found that there have been a total of at least 222 ransomware attacks affecting 3,880 schools and colleges since 2018.
“Schools and colleges have suffered an estimated 1,387 days of downtime due to ransomware attacks with around 9,525 days spent on recovery efforts. 22 schools/colleges revealed the amount involved in their recovery efforts with nearly $19.2 million spent by these entities in total,” the researchers explained.
“This is an average of nearly $960,000. Ransom requests varied from $5,000 to $40 million. Hackers have received at least $2.95 million in ransom payments with the average payment being $268,000. Hackers have requested at least $59.1 million in ransom payments with the average request being $2.47 million.”
According to the report, there have already been at least 39 reported ransomware attacks on educational institutions this year, and these figures do not include the Kaseya attack, which affected a number of universities tangentially.
Emsisoft threat analyst Brett Callow put the number even higher for 2021 at 62 US educational institutions that have been hit with ransomware.
Cerberus Sentinel vice president Chris Clements said educational institutions and especially universities are popular targets for ransomware gangs because they are typically soft targets for cybercriminals to penetrate and have sprawling, disparate technology projects that can remain unpatched or orphaned with no centralized oversight by IT.
“Overly permissive access and permissions is another common issue in high education organizations that can easily be exploited by attackers if they gain access to a single user account. Secondly, ransomware gangs know that universities, despite being famous for budget issues, can produce huge amounts of money to pay ransoms when forced to,” Clements said.
“This combination of relative ease of compromise and high ability to pay out extortion demands make universities incredibly lucrative targets for cybercriminals.”
Tim Erlin, vice president of strategy at Tripwire, told ZDNet that universities are tough environments to secure.
“Their populations vary greatly over the course of a year. They accept all kinds of devices into their networks, both from staff and students. And they change out their users at a high rate as students graduate and matriculate,” Erlin explained. “Not many other IT organizations have to deal with all of these factors.”