Durham Sixth Form Centre paid hacker £1,500 in ransom
10 May 2018 |
The County Durham school has admitted that Durham Sixth Form Centre paid £1,500 as ransom to a cyber criminal after the latter encrypted college files just before the exams in April last year. Durham Police is aware of the incident.
Earlier this year, a survey of 750 IT decision makers from the UK by OnePoll and commissioned by Citrix revealed that British companies were hoarding Bitcoin and other cryptocurrencies in large numbers to pay off hackers in the event of ransomware attacks to avoid the kind of reputational damage that the NHS suffered.
Half of all firms prepared to pay ransom
Citrix observed that while 33 percent of British businesses in 2016 and 42 percent in 2017 hoarded cryptocurrency to pay off hackers behind ransomware attacks, over half of all British businesses did so in 2017.
A similar survey carried out by Citrix last year revealed that British businesses were prepared to pay an average of £136,235.44 to regain access to critical and sensitive data lost to ransomware.
In such a scenario, it does not come as a surprise that Durham Sixth Form Centre paid £1,500 as ransom to a hacker, considering that the institution had lost all college files just prior to the exams in April last year. The hacking took place around the same time when more and more organisations across the UK were being victimised by the WannaCry ransomware.
"Ransomware actors know that some of their victims will feel they have absolutely no choice but to pay the fine, particularly at times when computer access is critical," says Eva Prokofiev, senior threat intelligence analyst at CyberProof.
"However, organisations must understand that even when the fine is small and insignificant, paying will only do more harm than good. Not only can the fine be used to fund more criminal activity, the fact that an organisation has shown a willingness to pay will actually open them up to more attacks.
"Any organisation looking to protect their digital assets from ransomware should ensure they are adequately communicating the threat to board members and executives to ensure proper investment in an active cyber defence approach, rather than wait for the company to come under attack," she adds.
With GDPR just a couple of weeks away from coming into force, organisations, whether they are in the education sector, in the healthcare sector or manufacturing, need to take urgent steps to ensure their systems are updated with the latest security patches and have anti-malware software installed to detect and prevent the intrusion of malware, ransomware and other computer viruses.
Latest posts by Jay Jay (see all)
- Over a third of firms are not prepared for WannaCry-like attacks - 24th May 2018
- Ahead of GDPR, many firms still lack effective threat hunting capabilities - 24th May 2018
- Hackers may use VPNFilter malware to target Champions League final - 24th May 2018
- Despite risks, 72% of UK adult population will use mobile banking apps in 2023 - 24th May 2018
- ICO fines Greenwich University £120,000 for failing to prevent breach - 24th May 2018