Vendor Survey Fails to Convey Prevalence and Effect of Ransomware

Following a Freedom of Information (FoI) request from endpoint security firm SentinelOne, it is suggested that 56% of UK universities have been the target of a ransomware attack in the last year.

“One university admitted that it had suffered a total of 21 separate attacks throughout the year,” reads the SentinelOne announcement. No university “confessed to paying a ransom”, while the ransom values “ranged between £77 and £2299 (5 bitcoins).”

“The fact that all but one of those suffering a ransomware attack had an anti-malware solution installed, confirms the abject failure of traditional solutions to protect against the new, virulent strains of ransomware,” concludes SentinelOne’s chief of security strategy Jeremiah Grossman.

But surveys are difficult, and asking the right questions is tricky. Without the right questions, you will always get the wrong answers. It is perfectly possible to look at the published results of the survey and draw a completely different conclusion.

The biggest single error is that the term ‘attack’ does not indicate whether the attack was detected and/or neutralized by installed anti-malware software, or whether it successfully encrypted the victim’s data. There are clues in the results, but nothing specific. For example, an attack would have to be successful for the victim to receive the ransom demand specifying the ransom amount.

According to the survey, only four universities ‘recorded how much was demanded’ (two were for 5 bitcoins, one for 3 bitcoins, and one for $100). Does this suggest that in only four cases the attack was successful? If this is true, it would be misleading to claim the ‘abject failure of traditional solutions’ since those traditional solutions succeeded in stopping 52 out of 56 attacks in the last year. The reality is that neither conclusion can be justified because the survey does not differentiate between being targeted by ransomware and being encrypted by ransomware.

Another ‘clue’ over the success or failure of the attacks can be found in the sheer volume of attacks against some of the universities. Bournemouth University admitted to being targeted 21 times during the year. But Bournemouth also recorded the ransomware demand of $100 — suggesting that at least one of the attacks was successful.

Conventional wisdom is that institutions are specifically targeted with higher ransoms, while consumers are mass-phished with lower amounts. $100 would hardly provide criminal ROI for a targeted attack — in turn suggesting that Bournemouth is an anomaly: it was hit 21 times by a mass ransomware attack (probably along with thousands of consumers) of which just one succeeded. Or it could simply be one student’s response to getting bad grades, doing it out of annoyance rather than to make money. We don’t know. This survey asks neither sufficient nor meaningful questions from which we can derive any meaningful conclusions.

The one positive point — at least for Europol, which says ‘don’t pay’ — is that none of the universities actually paid a ransom. Sadly, we cannot even draw that conclusion.

“Of the 71 universities contacted by SentinelOne, thirteen refused to answer because their response could damage their commercial interests,” says the report.

It is very tempting to suggest that nothing in this survey could damage ‘commercial interests’ more than publicly admitting to having been hacked. It is quite possible to suggest that, rather than 0% of UK universities having paid a ransom, 18% have done so.

The reality is that there is not enough information in this survey to come to any conclusion about the prevalence and effect of ransomware in UK universities.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
