The criminals who took out Scotland's Dundee and Angus College demanded a ransom that corresponded exactly to what was in the bank account – and that is no coincidence, the director said.
In a post-mortem interview with the nonprofit education IT body Jisc, Simon Hewitt lifted the veil on the January 31st ransomware attack, which lasted several days and saw the college's entire IT infrastructure almost completely wiped out.
"The cybercriminals had access to our bank account and they knew how much money we had in the account, what the budget was for the whole year. They demanded a ransom we can never pay," said Hewitt.
The college, which has about 5,000 students and is located on the east coast of Scotland, had to tell all students and staff to reset their passwords after the IT department was rebuilt.
A student told us: "I was coming on Friday, but I couldn't get the hardware [from the university servers]. The burden on my class is worrying in case the class is lost without the possibility of direct contact with the college or computer committees. … many of my classmates panic if the workplace is compromised or disappears."
Hewitt, who was deputy director of information technology at the time of the attack, explained how the college obtained the NCSC Cyber Essentials cyber security certification only a few months before the ransomware break-in. Even fake phishing exercises for staff didn't help.
"At the end of 2019 we were proud to have the Cyber Essentials, but it didn't save us," he said. "Now we have the Cyber Essentials Plus, but I think it's easy to get certificates and be complacent… No training or documentation prepared us for how people reacted."
Recovering from the attack meant quickly redirecting the college's existing digital strategy, deploying Microsoft Teams and OneDrive across the organisation and moving as much information as possible to the cloud – measures that Hewitt said had a financial impact but gave the IT organisation hope that recovering from a future attack would be easier than restoring the entire network in five days, as was the case for the college.
Although Hewitt hasn't said whether the ransom was paid – apparently not, given the effort required to repair the college's computer systems – the damage came close to destroying the entire institution. As he told Jisc: "I remember that at 2:20 Saturday morning [the day after the attack] I realised that there was no university in the digital sense, everything was erased. That was quite a low."
Public institutions are becoming an increasingly popular target for ransomware criminals. A Brazilian court was hit by ransomware only this morning, while hospitals are unfortunately becoming more and more popular with this kind of scum, which doesn't think much about the misfortune they cause in the hunt for money.