The Aftermath of a Crypto-Ransomware Attack at a
Large Academic Institution
Leah Zhang-Kennedy University of Waterloo, Stratford Campus
Hala Assal, Jessica Rocheleau, Reham Mohamed,
Khadija Baig, Sonia Chiasson Carleton University
We had the (un)fortunate opportunity to witness the immediate aftermath of
a significant ransomware attack at a large university...
here's what happened...
“We are experiencing... 'a network interruption'”
Our aim was to understand the immediate and longer-term impact
of this incident on end-users to learn how organizations can better prepare and respond
UNDERSTAND WHAT HAPPENED
SURVEY METHODOLOGY
➤ 150 participants
➤ faculty (13%), staff (31%), students (38%), undisclosed (18%)
➤ Collected within 6 weeks, ~30 min per survey
➤ Questions
  ➤ pre/post attack security practices
  ➤ behaviours, thoughts, emotions during the attack
  ➤ impressions of how the situation was managed
  ➤ areas for improvement of emergency protocols
INTERVIEW METHODOLOGY
➤ 30 participants
➤ faculty (3), staff (13), students (14)
➤ Collected within 6 weeks, ~60 min interviews
➤ Questions
  ➤ pre/post attack security practices
  ➤ attitudes and experiences with the attack and emergency protocols
➤ Inductive thematic analysis
RESULTS
1. TECHNOLOGICAL & PRODUCTIVITY IMPACT
“Pretty much everyone was impacted in some way [...] whether it’s being not able to use a computer or not being able to use some service”
- Staff
“That’s all my work there, about fifteen years of work [...] But then it slowly started turning all the files into encrypted files at home as well, and then I realized this thing was not going to stop until it had done them all.”
- Faculty member
“Even now I still run into issues... just when I need things, all of sudden it is not working properly [...] Your work days are interrupted and you are not working at the same pace or being able to accomplish as much.”
- Staff
2. PERSONAL AND SOCIAL IMPACT
➤ Worried/concerned (n=52)
➤ Upset/angry/disappointed/insecure (29)
➤ Frustrated/annoyed (27)
➤ Shocked/surprised (27)
➤ Feared
  ➤ data loss (51)
  ➤ loss/theft of personal & financial data (38)
  ➤ lost productivity (27)
  ➤ further infection (17)
“I coincidently had a doctor’s appointment around that time and my blood pressure was really high... I was anxious about the fact that I lost work and people weren’t able to email me, then there was a whole rush of people that needed to talk to me, and I was anxious about [catching up].”
- Staff
“It was kind of like we didn’t have a role in this situation. We were just the people that were affected and [we should] stay out of the way”
- Grad student
3. RISK PERCEPTION AND SECURITY PRACTICES
Perceived likelihood of compromise
4. COMMUNICATION
➤ Only 12% were first notified through official channels.
➤ Relied on word-of-mouth, social media, news
➤ Only 10% thought the university handled the incident well.
➤ Wants:
  ➤ clear details about the problem
  ➤ consistent instructions
  ➤ frequent updates
“Communication is key. If you’re not telling people what is going on, that is creating a whole other level of panic”
- Staff
“Still to this day to be honest, I don’t feel like there was ever an end. There was [notifications] like ‘we are working on the situation [...] Ok you can connect again’. It was never like ‘It’s over.’ So it’s all very much like it’s never really ended”
- Grad Student
WHAT DID WE LEARN?
1. Share the plan
2. Communication is key
3. Give victims a voice
4. Practice user-centric security
5. Offer user-centric training
6. Provide user-centric data storage
CONCLUSION