University of the Highlands and Islands Deals with a Sudden Cyber Attack


A persistent 'cyber incident' occurred at the University of the Highlands and Islands, which disrupted its services and networks on all of its campuses. The UHI network of 13 colleges and academic institutions was restricted to its students on Monday 8th of March, along with the Inverness and Perth colleges. In an advisory to students and staff around 13 sites in the northernmost portion of the UK, 'most facilities' – including their digital training environment at Brightspace – have been affected. The notice put up in the regard read that “All classes currently online because of the restrictions caused by COVID-19 will continue as normal wherever possible. Some students will attend campuses for practical classes as directed by their local course or campus contact.” 

"We are currently working to isolate and minimize impact from this incident with assistance from external partners. We do not believe personal data has been affected," said the university, adding: "The source of the incident is not yet known." 

An e-mail was sent out to the students stating that the apparent intrusion was not compromised by Office 365, Cisco Webex, OneDrive, the Teams, and e-mail services. The same information was also released on the UHI website. Administrators were of the belief that personally identifiable information was not compromised, and they affirmed the same.

Ransomware is a malware that encodes everything and allows victims to read a ranking document. The perpetrators behind such incidents usually claim huge payouts for the decryption key in exchange for decoding the victim's files in Bitcoin or equivalent cryptocurrencies. The actors are often copying the confidential files from the system of the victim and demand a second ransom to prohibit their disclosure; this is an increasingly prevalent variant. 

Notably, UHI's description has a lot in common with early stages of previous ransomware attacks. The standard account is unreported "cyber incidents," unexpectedly knocking out vast sections of IT services around an organization. Incidents of this kind have taken place in the past year with an increasing frequency in insurance, charity, and other businesses along with educational institutions.

The best practices while tackling ransomware are not to deal with the cash demands of the perpetrators. However, the distressed organisations, whose plans can buy the offenders off and clear the attack, are gradually turned towards cyber insurance firms.