Ransomware attacks are now considered one of the biggest threats facing higher education institutions. Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid.

In recent years, ransomware attacks have increasingly become more sophisticated, focused, and expensive. Criminal actors behind ransomware attacks now understand that backup infrastructure is typically viewed as an insurance policy for organizations. As a result, attacks are exploiting weaknesses associated with backups, making it a prime target for attack. Organizations can no longer simply rely on encrypting backups as a mechanism to protect the integrity of backups; the attackers’ motivation now seems to be focused on deleting the backups altogether and corrupting the backup system. Several types of ransomware, such as Locky and Crypto, are known to destroy shadow copies and restore point data, making backup infrastructure easy prey for hackers rather than a defensive tool for organizations.