Ransomware: The Dupe That Succeeded
The number of ransomware attacks on businesses and organizations is increasing exponentially, but cyber security education unfortunately is not. Because of this lack of cyber security education, many businesses and organizations fall victim to these kinds of cyber-attacks. In fact, according to PurpleSec, 36% of ransomware deployments were due to a lack of security training, with 61% of reported attacks in 2019 being on educational organizations. Let’s look at a theoretical case of ransomware on an adjunct professor at a local university.
John Doe was an adjunct professor at the University of Colors. He was recently hired to teach a few literature classes a week with a decent number of students in each. Due to the pandemic, the students were required to attend class remotely while the adjunct teacher came to campus to teach. Although John Doe is not tech-savvy, he was willing to learn how to make remote learning work.
Being a newer professor, he often welcomed students’ suggestions during class for outside sources and material to share with the class that may improve the learning process. During one of the classes, he had a student suggest an app that helps you proofread your papers for plagiarism as well as grammatical errors. After class, the professor was curious about the suggested app and went to download it on his phone. While he waited for the app to load, he checked his university email for important messages from students and colleagues. The app finished downloading but the professor found it to be buggy, so he decided to not use it. A few days later, John Doe lost access to his cell phone and his university computer, and he reported this to the University of Colors.
He got in contact with the university regarding his compromised university account on his personal and university devices to start the investigation process. Not long after he reported this, the university started getting reports of other devices across campus that had been encrypted and were displaying a ransom demand. To minimize costs from downtime, the University of Colors contacted a digital forensic agency to do a full investigation into the ransomware attack.
A digital forensic team was contacted and conducted a thorough investigation into all infected devices and networks. After thoroughly looking through the evidence collected, they determined that the attack happened due to an app download that was a convincing dupe of the app the professor was trying to obtain. All the evidence was handed over to the University’s legal team for further prosecution.
Thanks to the digital forensic team, the professor was able to access his cell phone again, the university was able to access its devices and networks, and the university has the evidence needed to go after the perpetrator(s) responsible for costs incurred from network downtime. Because of this attack, the university has taken important steps to educate not only students, but professors and other university professionals on cyber security best practices.