Ransomware attacks against sports and education
As the sports world gears back up again, it finds itself a target of ransomware, same as any other sector. ArbiterSports, which provides software to the NCAA and various other leagues and schools for referee management, announced a security incident involving ransomware this past July. The web applications that were affected here are responsible for managing the schedules and training of game refs and other officials. Although successful in repelling the hackers from encrypting their data, ArbiterSports was unable to completely prevent them from stealing the backup copies. As a result, around 540,000 of the registered members had their sensitive data compromised, including Social Security numbers. Similar to what we discussed last week, the culprits promised to delete the data once the ransom was paid; whether or not they made good on this is always suspect.
Unfortunately, law enforcement and experts in the field believe this trend isn’t going away, and if anything, will only worsen. “It’s easy to pull off and it’s almost impossible to get caught,” says Mark Weatherford, CSO and board member of the National Cyber Security Center. According to the FBI’s Major Cyber Crimes Unit, ransomware cases have surged in the past few years, with ransom demands these days potentially reaching hundreds of thousands to millions of dollars, in the most severe cases. Ransomware cyber criminals have also been grouping up in cartels, complete entities with delegation, distribution of labor, specialization and communication across the organization. Some even have customer service.
Since the new school year began, a surge in attacks has also been detected by the UK National Cyber Security Centre, specifically directed at education. The agency has released advisories on this front, which include a number of recommendations for mitigating the risk of ransomware. Perhaps the best advice remains backing up your valuable data and implementing incident response plans, along with anti-phishing mechanisms to prevent one of the most common attack vectors.
Exacerbating the challenge could be economic woes due to COVID-19, which could prompt ordinary, non-cyber thief folks to get into ransomware out of desperation. This is why, though it gets repeated frequently, there is no diminishment in the importance of staying aware and prepared.