Online: Trending Now

Unique biweekly insights and news review
from Ray Schroeder, Senior Fellow at UPCEA

Rising Threat of Ransomware and Other Malware

The major threats to operations in higher education in past years were funding shortfalls, natural disasters and dropping enrollments. Now, criminal cyberactivity has risen to a top concern.

This is a red-alert crisis for all of us: students, faculty, staff and institutions as a whole. The rising extortion of money from government and business entities should put all of us on guard. Colleges and universities are all the more vulnerable in these uncertain fiscal times. Too often, this is further compounded by a natural inclination to cover up incidents to protect public confidence and institutional reputation.

The crisis is not just one for the IT department. It is one that must be met by every student, faculty member, staff member, college and department. We must be vigilant to any potential intrusions and instantly inform our experts — day or night, weekday or weekend. And we must implement backup systems, prepare for contingencies and create serious restoration plans.

Ransomware, in which a ransom is demanded to recover stolen digital data, has been around for decades. One of the first documented cases came at the World Health Organization’s 1989 international AIDS conference. Biologist Joseph L. Popp sent out 20,000 diskettes to attendees: “But after 90 reboots, the Trojan hid directories and encrypted the names of the files on the customer’s computer. To regain access, the user would have to send $189 to PC Cyborg Corp. at a post office box in Panama.” With the advent of the World Wide Web in 1992, cybercriminals took the stage by deploying an array of malware that included ever-increasing instances of ransomware. Instances of ransomware attacks are on the steep increase, especially with the emerging new target of remote employees who may have computer and network vulnerabilities in their homes.

Over all, damage, prevention, detection and other costs related to cyberattacks are predicted to reach $6 trillion this year — fully double the costs of just half a dozen years ago. Attacks against universities were up 100 percent in 2020 over 2019, with an average ransom demand of nearly $450,000. In fact, attacks have been so prevalent this year that the FBI issued an advisory that cyberextortionists were using type of malware called PYSA to not only demand a ransom to restore data, but also threatening to publish stolen data on the dark web. “The FBI does not encourage paying ransoms,” the advisory said. “Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”

So, what are we to do to respond? First and foremost, universities need to step up their game to protect data and individuals. Most universities have taken steps in this direction, but this is not a once-and-done task. Constant monitoring of attacks around the world as well as on campus must lead to daily updates and improvements in security. Some universities have created cabinet-level administrative positions and entire units dedicated to ensuring cybersecurity.

It is important that we all support efforts to enhance security and that we all be responsive to our IT departments. If they are rolling out extra security for email, for example, multifactor authentication, make sure you comply as quickly as possible. Be first in line to sign up for protections and migrate your data to designated secure spots.

Educause has released a Ransomware Higher Ed Playbook, sponsored by Rapid7. It is worth your time to read.

We can go the extra step to maintain good personal data hygiene. Delete files that are no longer needed. Don’t let your data hang around when and where they are not essential. Create your own personal data backup system. Brian Posey posted an article in 2019 on four best practices to protect personal data:

  1. Keep an off-line backup
  2. Use immutable storage
  3. Tap anti-malware apps
  4. Up the frequency

For many of us, our homes are still our offices. That means that institutional digital hygiene extends to your home computer, your home network and all of those in your household who use it. McKinsey provides this advice to businesses that is equally applicable to higher ed institutions: “They will also need to anticipate the next normal — how their workforce, customers, supply chain, channel partners, and sector peers will work together — so that they may appropriately engage and embed security by design. The new context of changing customer and employee behavior and a constantly shifting threat landscape must also be considered.”

We must be vigilant. The consequences are towering. What you do on your personal computer that is occasionally used for work is consequential. What the other members of your household do on that computer impacts the security of your university. Vulnerabilities in your home Wi-Fi network become university vulnerabilities.

Urge your colleagues and students to follow university guidelines and scrupulously follow safe practices. Ideally, dedicate a single computer only to work use. Use a VPN. Think twice about saving and storing anything online.

Are you vocally supporting your IT and digital security offices? They can use all the support you can give in gaining full compliance with safe digital practices. The security of your students and your institution depends upon you.


This article was originally published in Inside Higher Ed’s Transforming Teaching and Learning blog. 

A man (Ray Schroeder) is dressed in a suit with a blue tie and wearing glasses.

Ray Schroeder is Professor Emeritus, Associate Vice Chancellor for Online Learning at the University of Illinois Springfield (UIS) and Senior Fellow at UPCEA. Each year, Ray publishes and presents nationally on emerging topics in online and technology-enhanced learning. Ray’s social media publications daily reach more than 12,000 professionals. He is the inaugural recipient of the A. Frank Mayadas Online Leadership Award, recipient of the University of Illinois Distinguished Service Award, the United States Distance Learning Association Hall of Fame Award, and the American Journal of Distance Education/University of Wisconsin Wedemeyer Excellence in Distance Education Award 2016.

Other UPCEA Updates + Blogs

UPCEA Announces 2025 Association Award Recipients

8 Individuals and 7 Programs Receive Association’s Highest Honors WASHINGTON, November 4, 2024 – UPCEA, the online and professional education association, has announced the recipients of the 2025 Association Awards. The UPCEA Association Awards program includes recognition of both individual and institutional achievement across the UPCEA membership. Since 1953, UPCEA has recognized its members’ outstanding…

Read More

Department of Education Warns Institutions on Misleading Representations, Urges Compliance | Policy Matters (October 2024)

Major Updates Department of Education Warns Institutions on Misleading Representations, Urges Compliance The US Department of Education’s Federal Student Aid (FSA) recently released an announcement bulletin that highlights activities that could indicate institutions are engaging in substantial misrepresentations—such as misleading claims about program costs, job placement, or licensure—and as such, face serious penalties. The bulletin…

Read More

UPCEA Launches Virtual Week to Celebrate Membership and Expand Connections

Higher Education Institutions Invited to Join the Leading Association in Online and Professional Education Washington, D.C. (October 30, 2024) – UPCEA, the association for online and professional education, proudly announces its upcoming week-long virtual event celebrating the impact of membership and invites higher education institutions to become members. Taking place from Wednesday, November 13 through…

Read More

Beyond Degrees: How Credential Innovation is Closing the Gap for 42 Million Learners

A Movement, Not Just a Community Convergence is emerging as the place where the credential innovation community for higher ed comes together. But more than a community, it’s a movement. Not a movement to make degrees less valuable, let alone obsolete. Rather, it’s a movement to complement degrees by meeting the needs of those for…

Read More

Lessons Learned from Star Trek

I am part of Generation X. I was born in 1965 and which makes me one of the cohort’s older members. Although I am a part of Generation X, I at times align with the “Next Generation” … the Boomers. Growing up around Boomers and being an older Gen X’er meant watching I Dream of…

Read More

New Survey Explores Intersection of AI and Credentialing in Higher Ed

UPCEA and Instructure recently released the results of a survey on whether institutions are utilizing AI to enhance learner outcomes and records, and if so, how? Most survey respondents are heavily involved in developing learner experiences and tracking outcomes, though nearly half report that their institutions have yet to adopt AI-driven tools for these purposes.…

Read More

Whether you need benchmarking studies, or market research for a new program, UPCEA Consulting is the right choice.

We know you. We know the challenges you face and we have the solutions you need. We speak your language and have been serving leaders like you for more than 100 years. UPCEA consultants are current or former continuing and online higher education professionals who are experts in the industry—put our expertise to work for you.


UPCEA is dedicated to advancing quality online learning at the institutional level. UPCEA is uniquely focused on excellence at the highest levels – leadership, administration, strategy – applying a macro lens to the online teaching and learning enterprise. Its engaged members include the stewards of online learning at most of the leading universities in the nation.

We offers a variety of custom research options through a variable pricing model.


Click here to learn more.

The Nation's Top Universities Choose UPCEA Consulting

Informed decisions. Ideas that work. The data you need. Trusted by the top universities in the nation.