Ransomware attackers demand $1.8m from US college

Credit where credit’s due: Monroe College, frozen by a ransomware attack since 6:45 a.m. Wednesday 10 July 2019, has seen a silver lining: it’s gone back to ye good old analog, friendlier, more-in-person ways of yore to keep working.

From a statement sent by Marc Jerome, president of Monroe College, a for-profit institution based in the Bronx borough of New York City, to Inside Higher Ed:

Our team is working feverishly to bring everything back online, and we are working with the appropriate authorities to resolve the situation as quickly as possible.

In the meantime, Monroe continues to operate. We’re simply doing it the way colleges did before email and the internet, which results in more personal interactions. As we have done throughout our 86-year history, we are coming together to assure that our students, faculty and staff are well served.

As of yesterday, the college was still relying on what it says is a microsite that it put up last week in response to the outage.

It also sent workaround instructions to students in its latest Tweet, sent last Friday:

ATTENTION: To all of our Online Students pic.twitter.com/ni4PiHlLDg

— Monroe College (@monroe_college) July 12, 2019

Nearly 8,000 students affected

The NY Daily News reports that the attack paralyzed systems at all of Monroe’s campuses in Manhattan, New Rochelle and St. Lucia, where a total of nearly 8,000 students are enrolled.

The attackers told the school that it could get back up and running once it paid 170 Bitcoin. The going price as of Monday for one Bitcoin was US $10,522, putting the total ransom at US $1,788,740.

Will Monroe pay? Or will the college tell the attackers to take a long walk off a short pier, which the US Conference of Mayors last month resolved would be the go-to response for all the government entities that keep getting hit in ransomware attacks?

Jackie Ruegger, executive director of public affairs at the college, said on Friday that Monroe didn’t know who was behind the attack. She didn’t comment on whether the school would be paying the ransom. Ruegger said that the college is working with local law enforcement officials and the FBI.

Attacks keep piling up

As we reported last week, there have been at least three new ransomware attacks against state and local governments since late April, and in Florida alone, we’ve seen three cities get hit over the past few months, including Riviera Beach, which agreed to pay attackers, and Lake City which was hit by Ryuk ransomware, apparently delivered via Emotet. Lake City officials agreed to pay a ransom of about $490,000 in Bitcoin.

But being in good company is no consolation when you’re scrambling to rebuild your network after an attack like this. Monroe, we wish your staff godspeed in recovering.

Unfortunately, we’re reporting on these attacks on a near-weekly basis. They’re likely underreported, at that, given that there’s no centralized government agency to report them to and no legal requirement requiring their reporting.

What to do?

For information about how targeted ransomware attacks work and how to defeat them, check out the SophosLabs 2019 Threat Report.

The bottom line is: if all else fails, you’ll wish you had comprehensive backups, and that they aren’t accessible to attackers who’ve compromised your network. Modern ransomware attacks don’t just encrypt data, they encrypt parts of the computer’s operating system too, so your backup plan needs to account for how you will restore entire machines, not just data.

For more on dealing with ransomware, listen to our Techknow podcast:

(Audio player above not working? Listen on Soundcloud or access via iTunes.)