$2 Million Cyberattack Cripples New York College

A ransomware attack crippled Monroe’s College’s email, website, and learning management system last week, with the attackers demanding $2,000,000 in Bitcoin to restore the affected systems. Other higher education institutions, such as Grinnell, Oberlin, and Hamilton College, were also subject to serious ransomware attacks on their systems this year.

“Typically these attacks start with a phishing email — an email disguised to look as if it is from a trusted source, said Phipps. If someone unwittingly clicks on a link in a fraudulent email or enters their personal log-in information, hackers can install malicious software known as ransomware, which will encrypt and block access to the users’ computer files. The hackers then demand money for the encryption key. If there are no backups of the system elsewhere, institutions are left with few options, said Phipps — rebuild or pay.”

“Jared Phipps, vice president of worldwide sales engineering for cybersecurity company SentinelOne, said these types of attacks have been linked to a small number of sophisticated criminal groups.

“They scope out the size of the organization and its ability to pay the ransom,” said Phipps. “They’re determining your pain threshold.”

As always, GHC IT urges that everyone exercise caution with email. Treat every message with caution and discard anything that seems to creates a sense of urgency while being overly vague, contains unusual grammar or terminology, has a strange sender address or a sender address that appears to be from an employee but doesn’t end in “@highlands.edu”, and/or appears to be an unpaid invoice or an email account suspension notice. Never click on links or attachments in unsolicited messages.

You can read more about this incident at here.