Unknown Ransomware Variant Infiltrates University College London
University College London (UCL) was hit with a ransomware attack yesterday afternoon. After UCL disclosed that its systems had been infected, concerns were raised that another global ransomware attack, similar to WannaCry, was on its way. Because of the strong ties between UCL and University College London Hospitals, select medical facilities chose to suspend their email operations until they were deemed secure.
The ransomware that infiltrated UCL’s network and shared drives has not yet been identified. The Guardian states:
“It’s not yet clear what specific strain of ransomware hit UCL, but the university is warning that it may be a “zero-day” attack – one not seen in the wild before – due to the fact that it was not picked up by its antivirus software.”
This assumption, however, is not entirely accurate. The fact that the ransomware bypassed the antivirus software does not mean it was a zero-day attack. Traditional antivirus programs work from a blacklist, which means any unknown file, ransomware included, is allowed to run. The phishing attack that spread the ransomware could therefore simply have carried an attached file that was unknown to the security solution; assuming the solution uses only a blacklist, it would allow that file to execute. To prevent attacks such as these, a security solution that uses whitelisting is critical. Whitelisting programs treat unknown programs as bad until they can be tested and proven safe.
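The difference between the two policies, as an added example that is not part of the original article: it models signatures as exact SHA-256 hashes (a simplifying assumption; real products use richer signatures) and uses constructed placeholder bytes in place of real files. A file whose bytes differ from the flagged sample is simply "unknown", so the blacklist lets it run without it being a zero-day, while the whitelist holds it.

```python
import hashlib
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    HOLD = "hold"  # unknown: denied until tested and proven safe

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed placeholder "files" (harmless strings, not real samples).
KNOWN_BAD = b"constructed-known-ransomware-sample"
VARIANT = KNOWN_BAD + b"\x00"  # bytes differ from the flagged sample, so the hash differs
OFFICE_APP = b"constructed-approved-office-app"

BLACKLIST = {sha256(KNOWN_BAD)}   # hashes already seen and flagged as bad
WHITELIST = {sha256(OFFICE_APP)}  # hashes tested and approved to run

def blacklist_verdict(data: bytes) -> Verdict:
    """Default-allow: only hashes already on the blacklist are stopped."""
    return Verdict.BLOCK if sha256(data) in BLACKLIST else Verdict.ALLOW

def whitelist_verdict(data: bytes) -> Verdict:
    """Default-deny: approved hashes run, known-bad is blocked, unknown is held."""
    digest = sha256(data)
    if digest in WHITELIST:
        return Verdict.ALLOW
    if digest in BLACKLIST:
        return Verdict.BLOCK
    return Verdict.HOLD

def compare(files: dict) -> dict:
    """Return {name: (blacklist verdict, whitelist verdict)} for each file."""
    return {name: (blacklist_verdict(d), whitelist_verdict(d))
            for name, d in files.items()}

if __name__ == "__main__":
    results = compare({"known_bad": KNOWN_BAD,
                       "variant": VARIANT,
                       "office_app": OFFICE_APP})
    for name, (bl, wl) in results.items():
        print(f"{name:11} blacklist={bl.value:5} whitelist={wl.value}")
```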
As of today, the university’s shared and network drives are available as “read-only” to staff and students. The estimated time for UCL’s servers to return to full functionality remains unknown.