July 15, 2019
By: Steven Anderson
We don’t usually hear much news about schools, what with
this being summer and all, and most schools are shuttered except for the
abbreviated schedules of those engaged in summer classes. One school made some
serious news today, thanks in part to a mobile payments platform that’s brought
with it its share of controversy and then some: hackers recently hit the Monroe
College computer system, launching a ransomware attack that brought with it a
major demand: $2 million, payable in bitcoin.
The attack struck at 6:45 on Wednesday morning, reports note, and word only got out a while thereafter. Once inside the system, the hackers shut down much of it, demanding 170 bitcoin to unlock the system and bring everything back to normal. That comes out to about $1.962 million as of this writing, and given the downright mercurial nature of bitcoin these days, may only be worth about $170 by the time it’s actually paid.
The NYPD, meanwhile, is treating this as “…a grand larceny
committed by extortion,” and is investigating appropriately.
As for the college, it’s not taking things lying down. A rep
for the college noted “We are, in fact, under cyberattack. A lot of our systems
are being held — we do not have access at the moment. We are obviously taking
this very seriously … but we’ve rolled up our sleeves. Monroe was founded in
1933, and what that means is we know how to teach the old-fashioned way.”
Once again we get a prime example of one of the greatest
points in cybersecurity that ever directly connected to mobile payments: keep
offline backups. Whether it’s a cloud-based backup service, or an air-gapped
storage operation on-site, or even both at once, it doesn’t matter. You pull
the teeth from ransomware by making it easy to recover from, not by paying
thugs millions to get back what you should have had all along.
It’s also an indisputable black eye to the cryptocurrency concept, and one that didn’t need anymore. This is still one of the best means around to accomplish cross-border mobile payments, and being treated as the instrument of cyber low-lifes does it a great disservice.