  • Elon Musk plans to reverse Donald Trump's permanent ban on Twitter

    Written by Aimee Chanthadavong, Senior Journalist

    Elon Musk has described Twitter’s decision to permanently suspend former US President Donald Trump from the social media platform as a “morally bad decision” and “foolish in the extreme”, adding that he would reverse the ban.

    “I would reverse the permanent ban,” said Musk at the Financial Times conference. He added that banning Trump was “a mistake because it alienated a large part of the country” and that it “didn’t end Trump’s voice”; rather, it only amplified it among the right, which is why the ban was “morally wrong and flat-out stupid”.

    “Now, that doesn’t mean that somebody gets to say whatever they want to say if they say something that is illegal or otherwise just destructive to the world then should be perhaps a passive timeout, a temporary suspension, or that particular tweet should be made invisible or have very limited traction,” he said.

    “But I think permanent bans just fundamentally undermine trust in Twitter as a town square where everyone can voice their opinion.”

    According to Musk, who struck a deal last month to buy Twitter for $44 billion, his views are shared by Twitter founder Jack Dorsey. Twitter made the decision to permanently suspend Trump’s account on 8 January 2021 after he published inflammatory tweets that encouraged rioters to attack the US Capitol.

    Musk also noted during the FT conference that Twitter needs to be “much more even-handed”. “It currently has a strong left bias because it’s based in San Francisco … this fails to build trust into the rest of the United States and also perhaps in other parts of the world,” he said.

    Musk also envisions that his plans for Twitter will revolve around building trust by making the platform’s algorithm open-source. “I would literally put the Twitter algorithm on GitHub and say, ‘Hey, anyone want to suggest changes to this? Please go ahead’,” he said. “You really want transparency to build trust and any sort of adjustments to tweets or any human intervention with any account on Twitter should be highlighted as a Twitter person took the following action with your account or with this tweet, so that you’re not sitting there in the dark wondering, ‘Why did this tweet not get any attention?’”

    The remarks by Musk follow a similar message he delivered when he announced his billion-dollar deal with Twitter, where he described “free speech” as the “bedrock of a functioning democracy”, and that “Twitter is the digital town square where matters vital to the future of humanity are debated”.

    Despite Musk’s stand for free speech, a filing revealed last week that he is happy to get the Twitter deal done with the backing of noted bastions of repression, Qatar and Saudi Arabia.

  • Five Eyes pin Russia for pre-Ukraine invasion attack on Viasat

    Written by Chris Duckett, APAC Editor

    The Five Eyes nations consisting of the United States, United Kingdom, Australia, New Zealand, and Canada, as well as the European Union and Ukraine have pinned Russia for a series of cyber incidents leading up to the invasion of Ukraine.

    Pulling up short of absolutely attributing the attack, the UK said it was “almost certain” that Russia caused the Viasat outage in February that began an hour before the invasion of Ukraine commenced.

    “Although the primary target is believed to have been the Ukrainian military, other customers were affected, including personal and commercial internet users. Wind farms in central Europe and internet users were also affected,” the UK said. The UK added tens of thousands of Viasat terminals were rendered inoperable thanks to the attack.

    The United States said Russia had deployed multiple families of wiper malware including WhisperGate against the Ukrainian government and private sector networks.

    “In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service attacks, and cyber attacks to delete data from computers belonging to government and private entities — all part of the Russian playbook,” the US said.

    The Canadian attribution further pinned Russia for targeting Ukraine’s banking sector in February, historically exploiting the big SolarWinds vulnerability of 2021, going after Canadian COVID vaccine research, and interfering in Georgia’s parliamentary elections in 2020.

    “Russian government cyber actors have compromised a number of Ukrainian civilian entities since October 2021 that would be involved in crisis response activities, including networks related to emergency services, energy, transport and also communications,” the Australian government said.

    New Zealand said it would be sanctioning eight individuals and entities involved in the attacks and “Putin’s campaign of disinformation”.

    “President Putin’s propaganda machine is in full swing, spreading lies and false information to justify Russia’s illegal invasion,” NZ Foreign Minister Nanaia Mahuta said. “Today’s announcement reflects our complete rejection of Putin’s narrative and his attempts to mislead the international community.”

    For its part, Ukraine said Russia had been attacking its cyberspace for eight years.

    “Russia has launched at least several malware families upon Ukraine since the beginning of the year: WhisperGate/WhisperKill, CaddyWiper, Hermetic Wiper, Industroyer2, DoubleZero, etc,” it said.

    “Russia uses cyberattacks to create a humanitarian disaster in Ukraine, since hackers are trying to disrupt operation of the energy sector, emergency services, communications, logistics.

    “Russian hackers pose a threat not only to Ukraine, but to the whole world.”

  • Docker Desktop for Linux finally arrives

    Docker Desktop is an easy-to-use Docker container integrated development environment (IDE). It includes Docker Engine, Docker CLI client, Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. With it, you can easily build and share containerized applications and microservices. There’s only been one problem: It hasn’t been available for the Linux desktop.

    This isn’t like a Windows game or Mac photo-editing program, where you can see why there isn’t a Linux version. Docker and containers live on Linux in production. But, at long last, and after many Docker developers’ requests, Docker is delivering a Docker Desktop for the Linux desktop.

    Besides making it easier to build Docker containers, the Docker Desktop for Linux dashboard makes it easier for developers to manage containers, images, and volumes. It also provides:

      • A unified Docker experience across all major operating systems.
      • Seamless Kubernetes integration.
      • The Docker Desktop UI provides insights into the Docker processes running locally on your machine.

    In addition, like the Docker Desktop for Mac and Windows, Docker Desktop for Linux includes Docker Extensions. These enable you to add complementary development tools. Docker has announced support from 14 launch partners. These include JFrog, Red Hat, Snyk, and VMware.

    Why? Docker CEO Scott Johnston explained, “The large, complex cloud-native tools landscape presents a challenge for developers, who need the right tool for the right job, right now.” “Docker Extensions enables developers to quickly discover and start using the tools they need for their apps and not waste time searching, downloading, configuring, evaluating, and managing tools.”

    In particular, Docker Desktop Extension for JFrog Xray enables developers to automatically scan Docker Containers for vulnerabilities and violations early in the development process. In a statement, JFrog’s VP of Developer Relations, Stephen Chin, said, “We’re thrilled to extend our partnership and integrations with Docker to now include JFrog Xray for vulnerability scanning, forensics, and compliance capabilities.

    “When software supply chain attacks are on the rise, we’re glad we can empower developers to have greater insight into any exposures, early, so they can engage the necessary teams for timely response and remediation – saving downtime, and avoiding loss of trust from end customers.”

    The JFrog Docker Desktop Extension integration enables developers to:

      • Monitor and audit the security of software encapsulated in Docker containers
      • Identify vulnerable artifacts inside Docker containers prior to deployment and once they are in production
      • Conduct enhanced forensic investigations that provide a complete view of software security incidents
      • Get up and running quickly with an easy connection within the JFrog Platform to the Docker Desktop application.

    Docker claims that thanks to its increased investment in its product development tools, development teams release 13X more frequently, ramp productivity with new technologies in 65% less time, and compress the mean-time-to-remediation (MTTR) of security vulnerabilities by 62%.

    To get started with Desktop for Linux, visit the Docker docs to find the relevant instructions for your distro of choice. While Docker is providing Deb and RPM packages, it initially specifically supports Ubuntu, Debian, and Fedora. There’s also an experimental package for ArchLinux. There will soon be a 64-bit Raspberry Pi OS version.

    All-in-all, this makes Docker Desktop much more competitive with SUSE Rancher Desktop. May the best container IDE win!


  • Red Hat Enterprise Linux 9: Security baked in

    Boston: Red Hat Enterprise Linux (RHEL) has been the Linux for business for a generation now. Today, RHEL touches more than $13 trillion of the global economy. Remember when people used to think Linux couldn’t handle big business? Ha! With the release of RHEL 9 at the Red Hat Summit in Boston, Red Hat improved its offerings from the open hybrid cloud to bare metal servers to cloud providers and the farthest edge of enterprise networks. 

    RHEL 9 customers want better security, and Red Hat will deliver it. Beyond the usual RHEL hardening, testing, and vulnerability scanning, RHEL 9 incorporates features that help address hardware-level security vulnerabilities like Spectre and Meltdown. This includes capabilities to help user-space processes create memory areas that are inaccessible to potentially malicious code. The platform provides readiness for customer security requirements as well, supporting PCI-DSS, HIPAA, and more.

    Specific security features:

      • Smart Card authentication: Users can make use of smart card authentication to access remote hosts through the RHEL web console (Sudo, SSH, etc.).
      • Additional security profiles: You can improve your security intelligence gathering and remediation services such as Red Hat Insights and Red Hat Satellite with security standards such as PCI-DSS and HIPAA.
      • Detailed SSSD logging: SSSD, the enterprise single-sign-on framework, now includes more details for event logging. This includes time to complete tasks, errors, authentication flow, and more. New search capabilities also enable you to analyze performance and configuration issues.
      • Integrated OpenSSL 3: It supports the new OpenSSL 3 cryptographic frameworks. RHEL’s built-in utilities have been recompiled to utilize OpenSSL 3.
      • SSH root password login disabled by default: Yes, I know you ssh into your server with root passwords all the time. But it’s never been a smart idea. By default, RHEL won’t let you do this. Yes, this is annoying, but it’s even more annoying to hackers trying to log in as `root` using brute force password attacks. All-in-all, this is a win in my book.

    In this release, Red Hat also introduces Integrity Measurement Architecture (IMA) digital hashes and signatures. With IMA, users can verify the integrity of the operating system with digital signatures and hashes. With this, you can detect rogue infrastructure modifications, so you can stop system compromises in their tracks.

    Red Hat is also adopting, via Kubernetes, Sigstore for signing artifacts and verifying signatures. Sigstore is a free software signing service that improves software supply chain security by making it easy to sign release files, container images, and binaries cryptographically. Once signed, the signing record is kept in a tamper-proof public log. Sigstore will be free to use by all developers and software providers. This gives software artifacts a safer chain of custody that can be secured and traced back to their source. Looking ahead, Red Hat will adopt Sigstore in OpenShift, Podman and other container technologies.

    This release has many new edge features. These include:

      • Comprehensive edge management, delivered as a service, to oversee and scale remote deployments with greater control and security functionality, encompassing zero-touch provisioning, system health visibility and more responsive vulnerability mitigations all from a single interface.
      • Automatic container roll-back with Podman, RHEL’s integrated container management technology. This automatically detects if a newly-updated container fails to start. In this case, it then rolls the container back to the previous working version.

    The new RHEL also includes an expanded set of RHEL Roles. These enable you to create specific system configurations automatically. So, for instance, if you need RHEL set up just for Postfix, high-availability clusters, firewall, Microsoft SQL Server, or a web console, you’re covered.

    Besides roles, RHEL 9 makes it easier to build new images: You can build RHEL 8 and RHEL 9 images via a single build node. It also includes better support for customized file systems (non-LVM mount points) and bare-metal deployments.

    If you’re building Universal Base Image (UBI) containers, you can create them not only with standard UBI images but with micro, minimal, and init images as well. You’ll need a fully subscribed RHEL 9 container host to do this. This enables you to pull additional RPMs from the RHEL 9 repositories.

    RHEL now uses cgroup2 containers by default: Podman, Red Hat’s drop-in daemonless container engine replacement for Docker, uses signature and short-name (e.g., ubi8 instead of registry.access.redhat.com/ubi8/ubi) validation by default when pulling container images.

    And, of course, Red Hat being Red Hat, RHEL 9 Beta ships with GCC 11 and the latest versions of LLVM, Rust, and Go compilers. Looking ahead, Python 3.9 will also be RHEL 9’s default version of Python.

    Thinking of the console, the new RHEL also supports kernel live patching from the console. With this, you can apply patches across large, distributed system deployments without having to write a shell program. And, since it’s live patching, your RHEL instances can keep running even as they’re being patched.

    Put it all together, and you get a solid business Linux for any purpose. Usually, we wait before moving from one major release to another. This time you may want to go ahead and jump to RHEL 9 sooner rather than later. The release will be available next week.

  • Ransomware has gone down because sanctions against Russia are making life harder for attackers

    The number of ransomware attacks has gone down in recent months because sanctions against Russia are making it harder for cyber criminals to organise attacks and receive ransom payments, Rob Joyce, director of cybersecurity at the National Security Agency (NSA), has revealed.

    Ransomware attacks have long been a major cybersecurity issue for organisations around the world, affecting computer networks running critical infrastructure, hospitals, businesses and more. Some of the most significant ransomware events of the last year have hit targets in the United States, including the Colonial Pipeline ransomware attack, which restricted gas supplies for large parts of the country – and resulted in a ransom payment of millions of dollars being paid to cyber criminals.

    “Ransomware is a huge aspect of where we learned cybersecurity is national security. And we’re seeing the criminal element push through and impacting not only the businesses, but all the way into governments and society at large,” said Joyce, speaking at the National Cyber Security Centre’s (NCSC) Cyber UK event in Newport, Wales.

    Many of the most notorious ransomware gangs are suspected to run out of Russia – and Joyce suggested that sanctions against Russia because of the invasion of Ukraine are making life difficult for cyber criminals based in the country, which has led to a reduction in attacks, at least for now.

    “One interesting trend we see is, in the last month or two ransomware is actually down. There’s probably a lot of different reasons why that is, but I think one impact is the fallout of Russia-Ukraine,” said Joyce.

    “As we do sanctions and it’s harder to move money and it’s harder to buy infrastructure on the web, we’re seeing them less effective – and ransomware is a big part of that,” he added.

    But even if there’s been a reduction in ransomware attacks, it doesn’t mean the issue has suddenly disappeared – as evidenced by the number of organisations which continue to fall victim to ransomware attacks.

    In many cases, victims of ransomware attacks still feel as if they’ve got no choice but to pay a ransom to cyber criminals for the decryption key required to retrieve their encrypted files – despite warnings from cybersecurity agencies and the authorities that this only encourages further ransomware attacks.

    There are steps which organisations can take to improve cybersecurity and bolster their defences against ransomware and other cyber attacks. Some of the steps recommended by the NCSC include applying security patches and updates in a timely manner to stop cyber criminals exploiting known vulnerabilities and rolling out multi-factor authentication to all users to provide an extra barrier against intrusions.

    It’s also recommended that organisations are aware of who and what is on their networks so suspicious activity can be detected quickly, that businesses regularly back up their data and that an incident response strategy should be in place, so that should the worst happen, there’s a plan about what to do.

  • Microsoft: The ransomware world is changing, here's what you need to know

    Microsoft has shone a spotlight on ransomware-as-a-service (RaaS), a style of criminal enterprise that relies on gig workers and is structured around profit-sharing to reduce risk borne by a single actor.

    Microsoft security teams are tracking more than 35 unique ransomware families and 250 threat actors across nation-state, ransomware and criminal activities. RaaS, it says, is a gig economy involving multiple actors around three key pillars.

    “In the same way our traditional economy has shifted toward gig workers for efficiency, criminals are learning that there’s less work and less risk involved by renting or selling their tools for a portion of the profits than performing the attacks themselves,” Microsoft Security says in a blogpost.

    “This industrialization of the cybercrime economy has made it easier for attackers to use ready-made penetration testing and other tools to perform their attacks,” it said.

    RaaS has forced Microsoft to look at attacks differently. It’s not one actor, but many, meaning that identifying the ransomware family itself doesn’t give defenders the full picture of threats on the network. Stealing data from a target, for example, may be carried out by one group for double extortion, but another group is responsible for developing ransomware payloads, while other RaaS affiliates may deploy a given ransomware payload. In other words, knowing that you’ve fallen victim to one type of ransomware only tells half the picture, wasting defenders’ time chasing down the wrong signals.

    “Payload-based attribution meant that much of the activity that led to Conti ransomware deployment was attributed to the “Conti Group”, even though many affiliates had wildly different tradecraft, skills, and reporting structures,” Microsoft notes.

    “Some Conti affiliates performed small-scale intrusions using the tools offered by the RaaS, while others performed weeks-long operations involving data exfiltration and extortion using their own techniques and tools.”

    Researchers at security firm Intel471 recently detailed the Conti group’s cooperation with members of LockBit 2.0, Maze and Ryuk gangs to refine encryption algorithms and ransom notes, and contract developers from other groups to build new ransomware.

    At a high level, key actors in RaaS include the operator who develops and maintains ransomware payloads and payment portals to communicate with victims; access brokers that compromise networks and sell RaaS affiliates access to them; and RaaS affiliates who run the ransomware attack, steal data, move laterally on compromised networks and persist on systems.

    Ransomware really becomes dangerous at the “hands-on-keyboard phase”. “When the attack reaches the active attack stage of deleting backups or shadow copies, the attack would be minutes away from ransomware deployment,” Microsoft notes.

    By this stage, the attackers have likely exfiltrated data, and defenders need to prioritize the investigation of alerts or detections of tools like Cobalt Strike and quickly launch incident response (IR) procedures to contain a human adversary before they can deploy ransomware.

    Other actors in this economy may handle the leak site to share snippets of data stolen from victims. Other extortion services include leak site hosting, decryption negotiation, payment processing, and cryptocurrency transaction services.

    Microsoft estimates that where an access broker has compromised 2,500 potential victims, about 60 victims encounter activity associated with known ransomware attackers. Around 20 of these victims are successfully compromised, and then one of these organizations sees an actual ransomware payload deployed on their network.

    Microsoft rates Trickbot, which it has been tracking as DEV-0193 since October 2020, as “the most prolific” ransomware group today. It is responsible for developing, distributing and maintaining the Trickbot, Bazaloader, and AnchorDNS payloads. The group also managed the Ryuk RaaS program before its shutdown in June 2021, as well as Ryuk’s believed successor, Conti. DEV-0193 has also hired developers from Emotet, Qakbot, and IcedID, according to Microsoft.

    Microsoft’s report also covers ELBRUS, also known as FIN7, which uses point-of-sale (PoS) and ATM malware to harvest payment card information. In 2020, it deployed MAZE and REvil RaaS, but then developed DarkSide as its own RaaS ecosystem, which it then retired in May 2021 and replaced with BlackMatter in July, only to retire it in November.

    “The tendency to report on ransomware incidents based on payload and attribute it to a monolithic gang often obfuscates the true relationship between the attackers, which is very accurate of the DarkSide RaaS,” Microsoft notes.

    While Microsoft hasn’t seen ELBRUS running a RaaS program today, it says it’s still “very active in compromising organizations via phishing campaigns” that lead to their JSSLoader and Griffon malware. Microsoft has also seen the group exploiting CVE-2021-31207 in Exchange — a low-privilege ProxyShell bug — to elevate to high SYSTEM-level privileges in victim organizations in April 2022.

    The BlackCat ransomware gang is another notable RaaS affiliate actor. It appeared in November 2021 and was created by ‘access brokers’ that previously sold access to multiple RaaS groups, including BlackMatter, according to Cisco’s Talos researchers. The group Microsoft tracks as DEV-0504 currently deploys BlackCat, but previously deployed Ryuk, REvil, LockBit 2.0, BlackMatter, and Conti. When one RaaS program shuts down, it moves to another, Microsoft notes.

    While most of these RaaS groups are believed to operate from Russia, Microsoft highlights DEV-0401 as a unique “China-based lone wolf turned LockBit 2.0 affiliate” that recently started targeting the CVE-2021-44228 vulnerability in Log4j 2 in VMware Horizon.

    “Because DEV-0401 maintains and frequently rebrands their own ransomware payloads, they can appear as different groups in payload-driven reporting and evade detections and actions against them,” Microsoft notes.

    Microsoft’s top advice for organizations is to protect credentials. “More than malware, attackers need credentials to succeed in their attacks. In almost all attacks where ransomware deployment was successful, the attackers had access to a domain admin-level account or local administrator passwords that were consistent throughout the environment,” Microsoft says.

    Attackers can deploy ransomware through Group Policy or tools like PsExec (or clones like PAExec, CSExec, and WinExeSvc), but spreading ransomware to multiple systems is much harder without the credentials that provide administrative access in a network.

    “Compromised credentials are so important to these attacks that when cybercriminals sell ill-gotten access to a network, in many instances, the price includes a guaranteed administrator account to start with,” says Microsoft.

  • Government hackers made hundreds of thousands of stolen credit cards 'worthless' to crooks

    A joint operation involving intelligence agency GCHQ and the Ministry of Defence took direct action against computer networks used by cyber criminals, helping to protect people against cyberattacks and also making hundreds of thousands of stolen credit cards worthless to the crooks who stole them.

    The action by the National Cyber Force – using the combined resources of the MoD and GCHQ – has been revealed by Jeremy Fleming, director of GCHQ. “Through the National Cyber Force, we are actively undermining the cyber criminals’ assumption that they can act with impunity on the internet. We have disrupted criminals, making it clear that they are being observed, and going after their ability to profit from their illegal work,” he said, speaking at the National Cyber Security Centre’s (NCSC) Cyber UK event in Newport, Wales.

    Fleming described how the NCF – which was first announced in 2020 and received an official home in 2021 – is working alongside international partners to actively mount operations to “undermine” the networks of cyber criminals, denying them access to malware and other offensive cyber tools and preventing malicious hackers from profiting from cybercrime – all to help protect citizens from falling victim to cyberattacks and fraud.

    “In real life this means: tens of millions of pounds in potential fraud against the UK economy avoided. Hundreds of thousands of stolen credit cards made worthless to the criminals, and countless potential victims of crime around the world with their data and accounts safeguarded,” said Fleming. He did not detail how this was done.

    “The NCF is already making a big impact. From countering disinformation, to supporting the activities of our military overseas, and to helping law enforcement to go after criminal gangs, it is improving the UK’s defences and it’s imposing a cost on our adversaries,” he added.

    The active operations of the NCF form just one part of a national cybersecurity strategy designed to help protect people, organisations and infrastructure from cyberattacks. Another key aspect of that approach detailed by the intelligence agency chief is the importance of cybersecurity skills, along with finding and training people from a diverse range of backgrounds to draw on their own experiences to help keep the UK safe from cyber criminals – and other hostile cyber threats.

    “The talent in the community today is huge. But if the UK wants to continue to be successful, we need to widen the appeal of careers in cyber,” said Fleming.

    “Together, we must work to attract the next generation of talent from as diverse a pool as possible, from right across the country. The range of lived experiences this will bring into the workforce will make us collectively better,” he added.

    Concluding his speech, Fleming emphasized the importance of cybersecurity and protecting against all manner of threats that the UK and much of the wider world looks set to face in the coming years.

    “The global shifts we are seeing will take decades to resolve. And while I can’t predict how things will turn out, I can confidently say that cyber and cybersecurity will continue to be pivotal,” he said.

  • Ransomware attack and COVID woes force this 150-year-old college to shut down

    Lincoln College in Illinois will shut down permanently this week after financial woes caused by the pandemic were magnified by a ransomware attack last December. In a note posted on its website, the 157-year-old liberal arts college in rural Illinois said it had survived multiple recessions, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, and the 2008 global financial crisis. 

    But then came the COVID-19 pandemic, which harmed its already strained finances through a drop in enrollments and large tech investments required to support remote learning. The final blow came on December 19 when the college was hit by ransomware, which affected its IT systems for recruitment, retention and fundraising. Per NBC, it’s the first US higher education institution to shut in part due to ransomware.

    The college told NPR in March it would be forced to close at the end of the spring term, on May 13, unless it received a major donation or merger. The system outage lasted one and a half months, but the college didn’t have a clear picture of its outlook until systems were fully restored in March. It said the ransomware attack “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections”.

    The college continued: “All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

    The historically Black college was established in 1865 and named after president Abraham Lincoln.

    Per EdScoop, Lincoln College president, David Gerlach, appealed to Elon Musk via Twitter on April 5 for a “miracle gift” to save the college. The college was seeking a $50 million pledge to stay open, according to an April 15 report by The Chicago Tribune. A Go Fund Me campaign to save the college raised just $2,252 of a $20 million target.

    Gerlach told the Chicago Tribune the college was the victim of an Iran-based ransomware gang. He said the school paid a sum of less than $100,000 to regain access to affected systems. However, even after paying the sum, it still took months to fully restore systems.

    According to security firm Emsisoft, 26 US colleges and 62 school districts were hit by ransomware attackers in 2021. Data was stolen in at least half of the 88 total incidents. Ransomware gangs often steal data before encrypting systems, using the threat of a data leak to pressure victims into paying multi-million dollar ransoms.