University hit with ransomware

Olivia Storey

A major university in London has been hit by a widespread ransomware attack, which damaged files on computers and shared drives.

University College London experienced a ransomware attack at the beginning of June, and analysis of the cause of the malware and how to combat the infection is ongoing.

Its 11,000 staff and 38,000 students, from around 150 different countries, were targeted by the malware. It was originally believed to have spread via email attachments, but after analysis of the infection the university believes it actually came from a user accessing a compromised website.

After 12 hours of analysis, the university managed to restore read/write access to one shared drive and to user profiles. By re-opening only one shared drive, it was able to assess that the infection had not spread further. Luckily, UCL had a full backup system in place, with backup snapshots running every hour, and worked hard to recover files that had been compromised.

After a few days, the university managed to bring back full and complete access to all infected files and drives.

Mark James, ESET IT Security Specialist, talks about the rise of ransomware, and what happens if you are infected.

“Ransomware attacks are currently one of the most talked about types of malware doing the rounds.

“It not only causes extreme disruption, but in some cases can mean the loss of personal or private files forever.

“As in this case, it’s usually delivered through either an opportunistic or targeted phishing attack through email; the user is often directed to a web link or encouraged to download a file to be run locally.

“Once infected, the ransomware will take over, encrypting any files it has access to. These will be local on the computer you’re working on, but also any shared drives that are continually connected will be a potential target.

“For most, paying the ransom is not an option. Remember you’re dealing with criminals; they don’t have to be honest. They have already infected you with malware, so why would you trust them to give your files back?

“If you do pay, your money could end up funding the next piece of software or end up paying for other illegal illicit services or products and you have let them know that you WILL pay, therefore potentially opening the gates for another attack.

“Offline point-in-time backups are the only 100% way to recover from a ransomware attack.

“Yes, you might find an online free decryption tool, yes, you might get your files back if you pay the ransom and yes, you might be lucky enough to win the lottery tonight, but why take the chance? Backup options are fairly low cost these days.

“It looks as though UCL have a good backup option in place, so cleaning the malware, restoring from backup and everyone should get back most of their files with little hassle apart from the disruption caused.”


Do you have a backup plan in place? Let us know on Twitter @ESETUK.