GREENSBORO, NC (WNCN) – Universities across the country are being hit by ransomware attacks that are shutting down facilities, stealing people’s personal data and charging them to start using their systems again.
So far this year, seven universities across the country have been targeted by ransomware attacks, with the latest occurring in our backyard at NC A&T.
The authors taking credit for this call themselves “The Black Cat Ransomware Group,” which has ties to the Colonial Pipeline Ransomware shutdown.
In the case of the victims, this “black cat” certainly brought them bad luck.
NC A&T was attacked during spring break in March, crippling its online systems.
The university has been hit by a ransomware threat,” said Joel Hollenbeck of Check Point Software Technologies. “The most likely route for entry was through phishing emails.”
Cybersecurity experts like Hollenbeck say schools are good targets because their networks are more open and vulnerable to threats.
In the case of NC A&T, Hollenbeck says the hackers posted a claim on their website saying they obtained personal information, including social security numbers, contracts, financial information, databases messaging, etc.
When consumer investigator Steve Sbraccia asked the school about the allegations, spokeswoman Jackie Torok denied this, saying multiple surveys “showed that no current faculty, staff or student data is available.” was affected”.
“Most of the time, victims of ransomware will first deny breaches of personally identifiable information or anything sensitive because they don’t have the evidence up front,” Hollenbeck said.
If you’re online at school, he advises not to wait for signs of trouble online.
“They should start checking credit reports, changing all passwords for every service they use, enabling multi-factor authentication where possible, and monitoring bank account activity,” Hollenbeck said.
Sbraccia also asked the school if she was paying the ransom.
He avoided answering this question in his email. However, in many cases, that’s exactly what happens, Hollenbeck said, because insurance companies holding cyber insurance policies require it.
Hollenbeck said insurance companies tend to pay because “it’s cheaper than restoring services outside of paying the ransom.”
In the meantime, we know that five weeks after the attack, the school has not brought all of its systems back online. In the NC A&T email, Torok said they had “restored the majority of our systems.”
She said the school was working to strengthen its network to prevent future attacks, but declined to give details for security purposes.