The aftermath of a crypto-ransomware attack at a large academic institution

Title The aftermath of a crypto-ransomware attack at a large academic institution
Author
Keywords
Abstract

In 2016, a large North American university was subject to a significant crypto-ransomware attack and did not pay the ransom. We conducted a survey with 150 respondents and interviews with 30 affected students, staff, and faculty in the immediate aftermath to understand their experiences during the attack and the recovery process. We provide analysis of the technological, productivity, and personal and social impact of ransomware attacks, including previously unaccounted secondary costs. We suggest strategies for comprehensive cyber-response plans that include human factors, and highlight the importance of communication. We conclude with a Ransomware Process for Organizations diagram summarizing the additional contributing factors beyond those relevant to individual infections.

Year of Conference
2018
Conference Name
USENIX Security Symposium
Publisher
USENIX Security
URL
https://www.usenix.org/conference/usenixsecurity18/presentation/zhang-kennedy
Related files usenix2018-aftermath_ransomware.pdf
Download citation