ALERT: Stay vigilant and exercise caution against online scams. Never share confidential information, passwords, OTPs and bank details over calls, emails or SMSes.

Ransomware Attack on a School in Hong Kong

INTRODUCTION

In January 2023, a ransomware attack hit a private school in Singapore catering to international and local students. Cybercriminals demanded SGD 70 thousand to r estore access to the school’ s systems.

WHAT HAPPENED

The attackers used Remote Desktop Protocol (RDP) to gain access to the school’s IT systems and begin a ransomware attack. RDP allows attackers to move laterally across a network to find valuable data before encrypting it and demanding payment for its release. The ransomware quickly spread, locking out the school’s staff from accessing critical data such as academic records, personal details, essential teaching materials, and financial information.

IMMEDIATE EFFECTS

The attack resulted in the suspension of some classes, compromised teaching schedules, and disrupted communication systems. The administrative team could not access critical data or systems required for day-to-day operations.

IMPACT

The attack had significant financial implications, including the costs incurred to recover from the attack. The attack also caused reputational damage, leading to a decline in enrollment numbers, loss of donors, funding, and future partnerships. Legal action is also a possibility for failing to protect students’ personal information and data.

The following are the breakdown of the main costs incurred by the school:

  • Incident Response team costs: SGD 45 thousand
  • New computers and servers: SGD 40 thousand
  • Academic content workload: The attack caused the school to lose access to critical data such as students’ academic
    records and essential teaching materials. The school estimated that it took 2500 hours to reproduce the lost data, valued at SGD 70/hour.
  • Accountant: SGD 45 thousand
  • Lawyers: SGD 50 thousand

POTENTIAL IMPLICATIONS

The loss of trust and credibility in the school’s brand could lead to a decline in enrollment numbers. The school may also face legal implications for failing to protect students’ personal information and data, including PDPA infringement.

CONCLUSION

The incident highlights the importance of having a cyber incident response plan in place.

Ransomware attacks target organisations in all sectors, and random demands globally can reach USD 70 million. As shown above, the ransomware payment is estimated to only make up around 15% of the total cost of the cyber attack, with remediation expenses making up another considerable proportion. The average cost of a ransomware attack is almost USD 5 million, according to IBM. This is why it is vital that small and medium sized organisations prepare themselves and manage the risk of a cyber attack by planning for incident response.

A big part of this is to purchase a retainer, and Blackpanda’s IR-1 subscription plan offers 24/7 incident response availability, proactive risk advisory, discounted rates, and unlimited access to a digital library containing guides to improve your organisation’s cyber security posture, news and awareness materials to help manage cyber breaches and mitigate their impact. Get in touch with Blackpanda to learn more about IR-1.

Disclaimer : Please note that the names of individuals, businesses, and financial figures mentioned in this case study have been altered or modified to protect their privacy and confidentiality. Any resemblance to actual persons or entities, living or dead, is purely coincidental.