How a university in Scotland recovered from a ransomware attack

When Dundee and Angus College, in Scotland, UK, was brought to a halt by a cyberattack, its leadership had to face a new reality.

“It dawned on me that, in a digital sense, there was no college; everything had been wiped. That was a pretty low moment,” says principal Simon Hewitt.

Ironically, the first point on the business continuity plan was to set up an email conversation for key staff. This proved impossible.

Instead, the college leadership took to a combination of social media and website communication – fortunately the website was hosted externally – in order to update staff and students.

An occasion to speed up digitally

With a small army of people working initially off a to-do list of Post-it notes, the rebuild process began.

“It’s a big organization, with 1,000 staff, and I’ve never seen them pull together as much. With great teamwork, we rebuilt the digital element of our college in just less than five days,” Simon Hewitt notes.

Several external partner organizations also offered their assistance. One of them was Jisc, the national research and education network for the UK. It soon transpired that the dire situation was not without new possibilities.

“There is a digital strategy in place, so we knew the direction of travel over the next two years. We managed to convince the board to shift the budget forward to implement those changes immediately. It helped that we asked the Jisc cyber security team to provide data analysis of the attack and their recommendations backed up what we were saying. Their support throughout was outstanding,” says Simon Hewitt, continuing:

“So, we started to look at rebuilding the systems in a way we envisaged they might look in the future – to make us more resilient and to enable more remote access for staff and students. We rolled out OneDrive and Teams right across the organization, and we moved to a cloud-first approach so that, if this ever happens again, we won’t lose all our files.”

No ransom was paid

For the record, the success of the ransomware attack was not due to carelessness by individual users. It happened because one of the servers wasn’t patched; a simple mistake.

“We didn’t try to hide and shirk – we faced it head on and knew there would be lessons to learn, and part of that was an internal audit. We are implementing recommendations from that now and one of the last pieces in the jigsaw is to recruit for a dedicated security role.”

So, improved security moving forward has been the silver lining. And by the way, giving in to the demands of the attackers was never considered an option:

“The cyber attackers had managed to get access to our bank account and knew how much money we had in it, which was the budget for the whole year. They demanded a ransom of exactly that amount, which we were never going to be able to pay.”

Published: 03/2021
