It has been a while since last heard about a major institution getting hit by a ransomware attack. Just because these events don’t always make headlines doesn’t mean they aren’t t taking place, though. The University College London facility found that out the hard way. Their network was affected by a malware attack, forcing the institution to limit access to personal and shared drives.
University College London Suffers a big Setback
It is evident cybercriminals will continue to distribute ransomware on a large scale for as long as they can. Despite the number of these attacks growing a lot higher in recent years, a lot of corporations and institutions are still not able to deal with ransomware by any means. In the case of the University College London, that became all too apparent earlier this week.
One would expect one of the UK’s most prestigious public research universities to take computer security a bit more seriously. Unfortunately, that is not the case, as the institution was hit by a massive ransomware attack on Wednesday. It appears the infection took place through a drive-by download, rather than a malicious email campaign. It is unclear which type of malware was used in the process, though.
It appears someone working at University College London visited a website which was compromised by nefarious individuals. As a result, the website presented malware downloads to everyone who visited the platform. It is certainly possible other universities and corporations have dealt with this same ransomware over the past week or so, yet no other incidents have been confirmed at this point in time.
Even though the university’s antivirus software is up to date, the malware was not detected in time to prevent it from doing damage. Instead, users were locked out of accessing personal files for quite some time. It is unclear if the matter has been resolved at this stage, although we do know an official investigation is still ongoing. The institute is working with antivirus suppliers to analyze this malware and prevent similar attacks from occurring in the future.
Luckily, it appears the institute will not lose any important data from this attack. It appears as if the malware strain will allow for files to be recovered from a previous backup. Moreover, all files saved on personal and shared folders is still there, yet write access to these locations has been disabled. Affected users can still save their files to other cloud servers or on removable storage. It is rather intriguing to see this ransomware leave most of the network infrastructure intact, and only disable write access to shared drives.
This new attack comes on the heels of the WannaCry ransomware attack, which affected dozens of institutions all over the world last month. It is evident these threats need to be taken a more seriously from now on, yet organizations are doing very little to thwart such attacks right now. Keeping anti-virus solutions up to date is not a sufficient countermeasure to prevent malware attacks by any means.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.