Update | Hackers hold NCU to ransom

A major data security breach at Northern Caribbean University (NCU) in Manchester could cost the Adventist-run institution millions of dollars as hackers have encrypted accounting and other files and are demanding payment for their release.

A source close to operations at the institution told The Gleaner on Thursday that hackers have asked for thousands of US dollars, but Byron Buckley, NCU's director of corporate communications, marketing, and public relations, would not confirm the ransom demand.

“NCU is not agreeing to pay any ransom if asked,” he said when contacted by The Gleaner on Thursday.

The ransomware, which occurred last week Thursday some time after 6 p.m., was discovered the following day by an employee who raised an alarm.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid.

Buckley said student records were not affected and that the university's email system remains intact.

“Some administrative processes were affected, like some of our accounting … . Basic working files to get your work done were made inaccessible,” he said, adding that the external backup for those files failed.

All on-campus information technology-related activities have been suspended, Buckley said, adding that the data breach has been reported to the Jamaica Cyber Incident Response Team (JaCIRT).

“They are now doing what they would usually do in terms of perhaps alerting international and other law enforcement to pursue who the hackers are,” he said.

Tech security company Dark Tracer, a profile investigation platform, listed NCU among the top 20 leaked .jm domains, ranking the university at fifth.

According to the company's stealer malware intelligence report for Jamaica, 453 Jamaican users have been infected with information stealers. It said 519 credentials that accessed .jm domains were leaked from the users and distributed on dark and deep web.

The University of Technology, Jamaica (UTech), Tax Administration Jamaica, Excelsior Community College, and Jamaica Constabulary Force websites rounded out the top five.

Sean Thorpe, immediate past president of the Jamaica Computer Society (now Jamaica Tech and Digital Alliance) said there has been a significant increase in ransomware since the onset of the coronavirus pandemic.

He said, too, that this is expected to increase this year.

“Nobody is immune from ransomware attacks. To use the analogy of COVID-19 and the variants that you have, you have over 200 variants of ransomware that are out there, and they keep mutating,” Thorpe, who heads UTech's School of Computing and Information Technology, told The Gleaner on Thursday.

“Hence, this is a major challenge in the cybersecurity industry in terms of cauterising these problems.”

IT security company Trend Micro reports that 2016 was the year for ransomware across the US, with 247 detected. This was a 752 per cent increase when compared to 2015, when 29 were detected.

Those behind the threat reportedly raked in US$1 billion, the company said.

The threat trended downwards up to 2019 but gained momentum in 2020 and multiplied last year.

Silicon Valley-based SonicWall reported nearly 500 million attempted ransomware attacks up to September 2021, declaring it the most costly and dangerous year on record in terms of volume.

“It is quite unfortunate for entities that find themselves in that position. Preparation is crucial,” Thorpe said, adding that increased effort must be put into cybersecurity programmes, especially in schools.

He said richer, larger entities that can afford to run parallel computer networks are less vulnerable, but for smaller entities, the most ardent of strategies is a strong cyber-awareness programme.

Editor's note: The printer's devil struck in an earlier version of this story. The word 'not' was omitted from a sentence. Byron Buckley said student records were NOT affected.

kimone.francis@gleanerjm.com