Universities warned by FBI of rise in ransomware

Moody’s noted the increase in attacks in this sector is alarming because of the confidential or sensitive nature of university data.

Research from Version found ransomware accounted for 80% of malware infections for education services, up from 48% the year prior. (Credit: Pira25/Shutterstock.com)

During March, the FBI’s cyber division reported a rise in PYSA ransomware incidents, which can extract and encrypt data, impacting higher education intuitions in 12 states and the U.K., according to Moody’s.

The news follows a string of ransomware incidents at universities during 2020. These include the University of California, San Francisco, School of Medicine case, in which hackers bilked the school for $1.1 million in exchange for decrypting stolen data and restoring access to servers.

Further, research from Verizon conducted in 2020 found ransomware accounted for 80% of malware infections for education services, up from 48% the year prior.

The rating agency noted the findings are credit negative as these breaches could expose confidential and sensitive data, interrupt online learning and have financial consequences.

Security costs growing while revenue drops

The rise in attacks comes at a time when higher education institutions are seeing revenue declines and expense pressures from the pandemic.

Further, higher education institutions have vastly expanded their network infrastructure to support online learning and remote faculty during the past year. This underscores the nature of an emerging risk as preparedness for cyberattacks must be balanced with the ability to invest in security measures while faced with constrained budgets, Moody’s reported.

Highlighting the threat to higher education, the sector was among the top three industries that faced the greatest risk from the MS Exchange cyberattack, according to CyberCube. Regarding this incident, universities and colleges have one of the highest concentrations of Microsoft servers among global industries, which gave hackers more opportunities to target the sector.

Related: