Higher Ed Sees an Increased Number of Malware Attacks Demanding Payment

IBL News | New York

The FBI issued a warning about the increase in cyberattacks targeting higher education, K-12 schools, and seminaries in 12 U.S. states and the United Kingdom.

Cyberattacks have disrupted virtual classes and registrations at a number of institutions amid the pandemic this year.

Cybercriminals steal sensitive information, block access to essential systems, and demand payment before they return access. Some institutions have already paid those ransoms.

The average cost of a data breach was $3.9 million in 2020, according to the Ponemon Institute.

These attacks are identified as PYSA ransomware, also known as Mespinoza. This is malware capable of exfiltrating data and encrypting users’ critical files and data stored on the attacked institutions’ systems.

Unidentified cyber actors exfiltrate data, encrypt the victim's systems, and use this as leverage in eliciting ransom payments. These criminals use Advanced Port Scanner and Advanced IP Scanner to conduct network reconnaissance and proceed to install open-source tools, such as PowerShell Empire, Koadic, and Mimikatz. The cyber actors execute commands to deactivate antivirus capabilities on the victim network prior to deploying the ransomware.

Upon malware execution, a detailed ransom message is generated and displayed on the victim’s login or lock screen. The ransom message contains information on how to contact the actors via email, displays FAQs, and offers to decrypt the affected files. If the ransom demand is not met, the actors warn that the information will be uploaded and monetized on the darknet.

The FBI recommends not paying ransoms. “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” says the Bureau.