Skip to content

Universities Pay Significant Ransom in Case of a Cyberattack, or Lose Valuable Information about Their Students and Research

The event in July, during which Iranian hackers attacked several universities in the Middle East, reminded the world of the fragile state of securing our education systems. Universities were a frequent target for cyberattacks this year and they seem to be attacked more and more for the following reasons.

A very sophisticated example of social engineering by a group of Iranian hackers took place this July. It was primarily targeted at public intellectuals from the Middle East. It targeted university professors but also journalists and members of important think tanks. The cyber-attack was masked as an invitation for a debate on SOAS London University, which is the leading Higher Education institution in Europe specialising in the study of Asia, Africa and the Near and Middle East. The goal of the scheme was to gather sensitive information for Islamic Revolutionary Guard Corps (IRGC) which are registered as a terrorist group by federal authorities of the United States.

The attack itself was investigated and revealed by a cybersecurity company Proofpoint. They found out that it was led by a dangerous organization called TA453 or Phosphorus. It is known for gathering data and information specifically for the previously mentioned IRGC. According to experts, it is the most complicated attack the TA453 led so far. On the surface, it seems rather simple, because it functions on the principle of a fake link which is the usual method used for most attacks. According to experts, the specific selection of invited individuals implies that the attack was surely led using a sophisticated algorithm which found the most important people from the Middle Eastern academic world.

The most important aspect of the attack was that it provided the victim with a phishing link which led to the real legitimate website of the SOAS London University, which was compromised by the attackers. On the website, the victims were supposed to register for the conference. Everything seemed official, nothing implied that it was a cyber-attack. To make it even more authentic, the hackers personalized the invitations, so that each individual victim thought that it was made specifically for them with their name and degree. “The use of a legitimate infrastructure of the university means that the sophistication of attacks by TA453 is constantly developing and that they continue to be more and more capable in gathering sensitive information for IRGC,” said one of the researchers in Proofpoint.

Server Hacker News informed readers about this case. But that is only one example. Cybersecurity of universities is an important topic for many reasons.

Why are universities an ideal target for hackers?

Universities all around the world are the ideal target for a cyber-attack. Often, they are not sufficiently secured because their management underestimates the possibility of an attack. But it’s not the only reason. The main problem for securing the academic environment is that most universities have their own information systems, and rely on their own IT workers often cannot be prepared for big-scale cyber-attacks.

The other problem is the students who come and go to the university every year so that the group of users is very difficult to control. Most of them also use social media on a daily basis where they can simply click on malware links through which the hackers can get access to the network. Teaching students about cyber-security is complicated due to the fact that they rotate every year, so it would require continual and repeated classes on this topic and even that would not guarantee anything.

Protection of an entire area of the university is difficult since we’re dealing with free and open sites. Academics are usually keen on a free access to information. Any kind of restrictions are unsolicited at technical faculties because they can disrupt their studies or even their research. Security of terminal equipment is a true challenge in a benevolent environment like that and it often must be done by a group of underfinanced specialists. And it’s not only about ransomware. According to a research led by a journalist in the Wall Street Journal, hackers attacked 27 universities in USA, Canada and Southeast Asia just last year in order to acquire access to sensitive information from research on naval technology. Another reason for attacks are large numbers of students. Hackers can use their private information for years to come.

Other cases

Last year, the University of California, San Francisco was forced to pay a ransom of $1.14 million. It‘s School of Medicine had to cease operations after being encrypted from a ransomware attack. The school had fended off a few unsuccessful attempts previously before being totally disrupted by this assault. At this point, they had no other choice than to pay the blackmailers.

Similar thing happened to a Canadian University of Simon Fraser which lost the private information of more than 250 thousand people, who work and study there. They were attacked by a ransomware attack 2.0 which means that even if they managed to gather the data back from the hackers, the attackers would still have them backed up and they still could threaten to publish them if the ransom wasn’t paid. The information they obtained included not only ID numbers but also dates of birth, names, and contact information. The university managed to get everything back from the attackers but they never said if they paid the ransom or not.

Our experience

Whalebone protects the University of Economics in Prague (VŠE), where we take care of the security of more than 13 thousand students and hundreds of employees. The implementation of Whalebone was quick and effective, and it didn’t disrupt the school operation at any given moment. It protects the school from any malware, phishing, ransomware and other threats. We manage to do two significant things:

1) We protect every device of the school including the ones that VŠE doesn’t have under administration. Except for employees, VŠE has a lot of users whose devices are not under the school’s control. Those are for example guests, students who connect to the university Wi-Fi networks from various devices, or students in dormitories. It’s impossible for universities to force these students to act responsibly with their devices. Whalebone protects any device connected to any of VŠE networks.

2) We make the administration work simpler and quicker. To have control over running of the site to which tens of thousands of people from different places connect, requires using clear and functional tools. Our goal was to increase clarity for network managers and allow them to work in an intuitive and easily controlled user environment, which will allow them to identify and solve any possible issues.


It is obvious that cyber-attacks in academia will be more and more frequent. Just look at the statistics. Frequency of these attacks is rising every year. Universities need to take cyber-security seriously and they have to introduce measures to prevent these assaults from happening. One of the ways to do that is to work with forms of security which cover all sites to which the employees and students connect. Underestimating cyber-security could potentially lead to theft of private information and technologies and some of it might be used very radically and have devastating effects.