The defencelessness of the UAB

2 min
The UAB campus, in an archive image

The ransomware attack that has ripped through the Universitat Autònoma de Barcelona (UAB) is a type of malicious software that restricts access to affected files until a ransom is paid, which in this case would be €3m in cryptocurrencies. What has happened at the UAB is really very serious, but it is not a novelty nor a surprise. It has been suffered by other large organisations before. Just remember that five months ago the US pipeline Colonial was the victim of one, which caused petrol to become more expensive on the east coast of the United States until the company paid the hackers $5m in bitcoins. More recently, in late June, the world's leading meat producer, JBS, also from the United States, suffered an attack that severely affected its production. Cyber insecurity, associated with cryptocurrencies – the difficulty in tracing them is what gives cybercriminals impunity – has become a global problem, both in terms of privacy and economics. If global action is not taken, the trickle of attacks will increase and may endanger global stability.

It is clear, then, that the situation of weakness in which the UAB finds itself right now is no joke. It is a disaster for the University and a warning for others: no one can feel safe. Hundreds of thousands of documents from the University with personal data and research in progress may be rendered useless, with all that this may entail at an individual and institutional level. The intellectual life of this centre has been interrupted. Returning to the chalk board and paper is not an option: it is a disaster.

The increasingly frequent ransomware attacks against companies and individuals should be the turning point that pushes the authorities to be on their guard. It is high time. And the solution, especially when it comes to cryptocurrencies, can only be global. And in terms of computer security, in addition to the collaboration of the police, it will also require the intervention of states when it comes to investing resources and intelligence to protect institutions, companies and citizens. No one is safe: a computer can be easily infected, for example just by a user's visit to a malicious website, where, often unawares, when downloading files or programs, he or she falls into the trap. What's more, malware is designed to evade detection for as long as possible and remain dormant.

The one that has penetrated the UAB is PYSA, which, according to a a warning the U.S. Federal Bureau of Investigation (FBI) issued in March, is capable of copying and extracting victims' data before encrypting them and mainly affects educational institutions, such as universities. The double extortion that could affect the UAB is that, if the hackers have managed to extract the files and do not receive the money they demand, not only will they not release the encrypted documents, but they will also publish them on a blog on the dark web. The UAB, which has made it clear that it does not want to pay, is in a critical situation of helplessness.