
UAB Experiences Ransomware Attack Impacting 50,000 Users
Quick take - In 2021, the Universitat Autònoma de Barcelona (UAB) suffered a ransomware attack by the PYSA group that affected approximately 50,000 users and rendered systems inoperable for two weeks, prompting the university to enhance its cybersecurity measures and recovery protocols without paying the €3 million ransom.
Fast Facts
- In 2021, the Universitat Autònoma de Barcelona (UAB) suffered a ransomware attack by the PYSA group, impacting around 50,000 users and rendering systems inoperable for two weeks.
- The attack was initiated through a phishing scheme that compromised a student’s credentials, leading to the encryption of critical data and backup systems.
- UAB chose not to pay the €3 million ransom, citing ethical and legal reasons, and collaborated with various organizations for recovery, which took three months to complete.
- To enhance cybersecurity, UAB implemented two-factor authentication, centralized user equipment management, and appointed a Chief Information Security Officer (CISO).
- The university is focused on improving business continuity and maintaining 24/7 security services to protect against future threats.
Ransomware Attack at Universitat Autònoma de Barcelona
In 2021, the Universitat Autònoma de Barcelona (UAB) experienced a significant ransomware attack orchestrated by the PYSA cybercriminal group. Approximately 50,000 users were impacted, and the attack rendered systems inoperable for two weeks. The incident coincided with Spain’s National Day on October 12, creating additional challenges for the university’s response efforts.
Response and Recovery Efforts
Gonçal Badenes, the Chief Information Officer of UAB, has expressed ongoing anxiety regarding the incident, highlighting its lasting impact despite the time elapsed since the attack. Prior to the incident, UAB had established a response plan that adhered to the Spanish National Security Scheme and included a proprietary methodology for addressing cybersecurity incidents.
The attack targeted critical infrastructure, primarily affecting the Data Processing Center. User computers connected to the university’s virtual campus were encrypted after the attackers gained access through a phishing scheme that compromised a student’s credentials. This led to the encryption of the university’s data repository, including backups on its VMware virtualization platform. Although the primary backups were destroyed, UAB retained a third backup stored on tape, which was found intact after extensive investigation. Forensic analysis confirmed that corporate databases remained secure, protecting sensitive academic records, financial information, and personal data of corporate staff.
In response to the attack, UAB opted not to pay the ransom, which was reportedly set at €3 million. This decision was based on ethical, legal, and procedural constraints. The recovery process involved a collaborative effort with several organizations, including the Catalan Cybersecurity Agency, the Data Protection Agency, and police, along with assistance from technology services provider S2Grupo and Dell Technologies. Systems were down for two weeks, critical services were restored after four weeks, and total recovery was completed three months after the attack.
Strengthening Cybersecurity Measures
UAB undertook extensive measures to ensure all systems were sanitized of any residual threats, including reinstalling critical systems from scratch and applying all necessary updates to avert potential malicious configurations. In light of the attack, UAB has taken several steps to bolster its cybersecurity posture, including the implementation of two-factor authentication (2FA) across all services to address previously identified security gaps.
The university also centralized the management of user equipment to mitigate risks associated with outdated technology. Badenes emphasized the importance of maintaining multiple layers of security and the need for diverse technological solutions to safeguard against data loss. Furthermore, UAB appointed a Chief Information Security Officer (CISO) to oversee the university’s enhanced cybersecurity initiatives, reflecting a commitment to maintaining robust security measures.
UAB is also focused on improving business continuity services, with Badenes noting the necessity for 24/7 security services to further protect the university against future threats.