SentinelOne Research Shows Two-Thirds of Universities Affected by Ransomware Attacks

Police stations, hospitals, small businesses, and now, universities—there is truly no end to ransomware’s depredations. Results from multiple Freedom of Information (FOI) requests by SentinelOne reveal that 63% of British universities (out of a sample of 58) have suffered from ransomware events. What’s more, half of the institutions have suffered an attack within the last year.

From the data we’ve collected, it’s possible to see ransomware spreading across industries at a rapid clip. Notably, the entities most affected appear to be small businesses or public service institutions—organizations either without considerable cyber-defenses, or with budget priorities that don’t leave much for information security. From this subset of affected organizations, we can also pick out a number of trends which affect ransomware victims as a whole.

Chronic Underreporting of Ransomware Attacks

Out of all the universities surveyed, only one—Brunel University—went to the police in order to report a ransomware attack. This is mirrored by the overall trend in ransomware attacks. Most businesses don’t report these incidents unless required by compliance regimes. Instead, they’ll either handle ransomware payments internally, or avoid payments by restoring their data via software backup. This underreporting problem has gotten so bad that the FBI has now issued a plea to businesses, urging them to report ransomware events to the federal agency.

Failure to report ransomware to law enforcement keeps agencies in the dark about the true shape of the problem—the real number of victims, the prevalence of certain malware variants, or even the Bitcoin addresses where ransoms are being sent. What’s worse, this problem leaves businesses prone to reinfection. Confident that they’ll evade attention from law enforcement, some attackers will extort businesses over and over again. This is reflected in our data—we recorded one university suffering 21 attacks in a single year.

Traditional Endpoint Security Doesn’t Stop Ransomware

Out of all universities surveyed, only two didn’t have some form of antivirus software in place already. Although two completely unprepared institutions are definitely two too many, it’s notable that the universities that were defended were still unable to mitigate ransomware attacks.

This is a depressing statistic. It demonstrates that no matter how much an organization invests in security, that security can’t stop even relatively unsophisticated attackers from encrypting irreplaceable documents. According to a recent report from Brian Krebs, malware variants have now firmly entered the “script kiddie” phase, incorporating a well-supported GUI with drop-down menu options and built-in tutorials.

In theory, this kind of mass-produced malware should be the easiest for even basic EPP software to deflect. It’s designed for low-skill hackers who lack the technical knowledge to do things like vary a malware signature in order to avoid detection. Yet, based on penetration rates, even this simple form of ransomware is enjoying fantastic success.

Redefining Endpoint Security with SentinelOne

Ransomware attackers are already beginning to target their attacks more pointedly. Although the average ransomware payment is still only $722 for all victims, our data suggest that attackers demand higher payments from universities, with the highest recorded payment equaling nearly $3000. As time goes on, attackers will surely begin to realize that they can plausibly demand ever larger amounts of money from their victims.

Stemming the tide means investing in low-cost forms of next-generation endpoint protection that can reliably detect, mitigate, and remediate any form of malware, including ransomware. SentinelOne achieves this distinction by tapping every running process in the endpoints and servers it’s installed on. By scoring these processes according to their potential malicious activities, SentinelOne can halt and flag actions such as encrypting files or creating unauthorized executables.

Don’t let ransomware get the better of you. Learn more about how SentinelOne can help mitigate ransomware by checking out our whitepaper, “Ransomware is Here: What You Can Do About It,” or by contacting SentinelOne today.