Only a month after the WannaCry attack that affected about 250,000 networks across the world, it seems that ransomware is back in the headlines again with an attack on University College London, one of the largest universities in the UK with over ten thousand employees and nearly forty thousand students, and considered to be the seventh best university in the world. The attack affected its internal shared drives, and resulted in several NHS Trusts in the UK shutting down their own servers as a precaution.
UCL first reported the attack at the end of the day on Wednesday with the Information Services Division posting that "UCL is currently experiencing a widespread ransomware attack via email. Ransomware damages files on your computer and on shared drives where you save files. Please do not open any email attachments until we advise you otherwise. To reduce any damage to UCL systems we have stopped all access to all N: and S: drives. Apologies for the obvious inconvenience this will cause."
To help reassure those at the university who rely on access to the shared drives, ISD later added that "We take snapshot backups of all our shared drives and this should protect most data even if it has been encrypted by the malware. Once we are confident the infections have been contained, then we will restore the most recent back up of the file."
Having an effective back-up programme is one of the best ways to protect against the impact of a ransomware attack. If data is backed-up and the organization experiences a ransomware attack then they can isolate the ransomware, clean the network of it, and then restore the data from the back-up. It’s not necessarily an easy process, but it means they don’t lose all their data and they don’t pay a ransom.
Unlike WannaCry which was reported to have infected systems using out of date software, this attack was the result of users clicking on a malicious link. First it was reported to be the result of a phishing email, but later it was confirmed to be the result of users accessing a compromised website. Either way, it is this type of activity that featured so prominently during Business Continuity Awareness Week, with a report published by the Business Continuity Institute demonstrating that each and every one of us can take simple steps to improve cyber security, and one of those steps was to exercise more caution when clicking on links.
"It is encouraging to see that once again the potentially damaging impact of a cyber attack has been prevented by UCL having processes in place to deal with the threat," said David Thorp, Executive Director of the BCI. "This is business continuity in action, and while it may not prevent the disruption in its entirety, it ensures that it does not escalate further into a crisis."