UC Irvine Response to Research Data Ransomware Threat
August 25, 2020
We are writing to you today so that you are aware of a recent ransomware attack targeting UCSF researchers and their data. In this case, UCSF paid a significant sum of money (in bitcoin) to decrypt the ransomed data. UCSF made this difficult and very costly decision because of potential reputational damage to the researchers and institution, issues of trust with funding agencies, and the loss of data to individual researchers and their collaborators. The disruption caused by this attack continues even after weeks of round-the-clock data decryption to restore full operations.
The important lessons from the UCSF experience are that research universities and research groups are vulnerable to such attacks, the potential for damage is great, and the stakes can be deceptively high.
To better protect you, your work and the institution’s reputation, we must recognize that cybersecurity is a shared responsibility. We need to work together to reduce the risk that bad actors could successfully target and ransom your research data. Please share this message with your lab managers, research teams and collaborators, and ask them to help you with ensuring your research program’s data security.
WHAT CAN YOU DO TODAY TO PROTECT DATA?
Below is a minimal set of practices and tools that you and your research groups can use.
Items 1 – 4 are critical and should be addressed immediately.
Items 5 – 6 are essential and should be incorporated within a month (if not sooner).
Items 7 – 10 are highly recommended.
This list is not exhaustive, but it is a good place to start.
1. Know your data and where it is stored – maintain an up-to-date inventory (e.g., laptops, PCs, servers, software, media (USB, CD-ROM, DVD), hosted cloud storage).
2. Back up data regularly and test periodically – online and offline. Backups need to be physically separate (on a different system) from the primary copy of data. There are services available on campus to assist with this.
3. Use strong passwords of at least 12 characters and multi-factor authentication (e.g., DUO).
4. Ensure anti-malware software is installed, running and up to date. Your local IT unit can assist in getting this in place.
5. Apply patches regularly and use supported operating systems and applications.
6. Consider housing your data in a managed on-premises or enterprise-approved cloud environment, e.g., UCI’s Secure Research Environment (SRE) or Campus Research Storage Pool (CRSP), Microsoft OneDrive. These are existing services on campus and available to you.
7. Vet security practices of 3rd parties (e.g., Software-as-a-Service (SaaS) providers) before placing valuable research data in these environments and ensure compliance.
8. Delete inactive accounts.
9. Use encrypted secure remote access services such as a virtual private network (VPN) when accessing systems remotely.
10. Remain vigilant in avoiding phishing and social engineering attacks.
WHERE CAN YOU GET INSTITUTIONAL HELP?
We have created several resources to help you. If you would like to follow up on any of the above recommendations, or if you have any questions about cybersecurity resources available to protect your research from cyber threats, we have the following available to support you: