Basic research has often been ignored by cybercriminals because the data are not easy to monetize. However, ransomware has changed the economics of cybercrime and makes it profitable for criminals to target a much larger set of victims, including schools, utilities, hospitals, and researchers.
The physics and astronomy department at Michigan State University (MSU) was a victim of a ransomware attack in May 2020. Afterward, MSU teamed up with Trusted CI, the National Science Foundation Cybersecurity Center of Excellence, to take a deep dive into lessons learned from the attack. Furthermore, MSU leaders decided to make the resulting report public so higher education officials and the research community could be warned of the threats and take steps to mitigate the danger. A Dec. 6 Trusted CI webinar, also public, discusses lessons learned and mitigation steps.
“In a ransomware attack, criminals encrypt a victim’s data in order to deny the victim the ability to carry out their business until they pay the ransom fee,” said Von Welch, associate vice president for information security at Indiana University and director of Trusted CI. “The encrypted data are not necessarily valuable to the attackers. However, for researchers, loss of their data can mean lost productivity in terms of months or years.”
“The ransomware attack was a big loss to our physics and astronomy department,” said Tom Siu, chief information security officer, MSU. “It’s estimated that 50 to 70 percent of the research was halted, and some of the research could not start up again for six months. Access to labs was shut down, affecting the online teaching systems. In many cases, data were not recoverable, especially if a researcher had stored data on an individual system that wasn’t backed up. One researcher lost a year’s worth of data and had to start over.”
The ransomware attack on MSU was also a big financial hit. University leadership did not pay the $6 million ransom demand, but the total remediation cost was estimated to be $1.09 million. The costs included IT response and recovery time, legal bills, notification of identity theft risk, and two years of credit monitoring and identity repair for personally identifiable information that was taken and published online by the attackers.
The ransomware attackers gained access to the MSU physics and astronomy servers via an unpatched virtual private network server. However, Trusted CI’s investigation into the breach uncovered several cultural patterns common among research organizations that aided the attack’s success. The report offers the following examples and mitigation strategies:
- Many academic units have a great deal of autonomy, but in many cases, they have not adequately secured their IT. These independent units are advised to build relationships with centralized IT with a focus on securing critical assets.
- There is a tendency for academic units to unduly emphasize productivity over security. A solution to this requires leadership support to adopt a security program and to ensure security policies are followed.
- Basic cybersecurity hygiene should be followed, including deletion of sensitive data, segmented networks and backup systems, an incident response plan, and adequate cybersecurity training for IT staff.
The rise in ransomware attacks creates new risks for research that has typically been ignored by cybercriminals. The academic community is encouraged to learn from MSU’s real-world example, and to take proactive steps to protect higher education from cybersecurity threats.
About MSU
Michigan State University has been working to advance the common good in uncommon ways for more than 165 years. One of the top research universities in the world, MSU focuses its vast resources on creating solutions to some of the world’s most pressing challenges, while providing life-changing opportunities to a diverse and inclusive academic community through more than 200 programs of study in 17 degree-granting colleges.
About Trusted CI
As the National Science Foundation (NSF) Cybersecurity Center of Excellence, Trusted CI draws on expertise from multiple internationally recognized institutions, including Indiana University, the University of Illinois, the University of Wisconsin-Madison, and the Pittsburgh Supercomputing Center. Drawing on this expertise, Trusted CI collaborates with NSF-funded research organizations to focus on addressing the unique cybersecurity challenges faced by such entities. In addition to our leadership team, a world-class advisory committee adds its experience and a critical eye to the center’s strategic decision-making.