Imagine the situation: you are sitting in the office, trying to open a file on the server - a file you have put a lot of work into. But nothing is working. It turns out that almost all the files are encrypted. In a new file, you find a ransom note demanding that you pay nearly 500 francs in Bitcoins if you ever want to regain access to your files. After two weeks, the ransom will double.
This is exactly what happened at ETH Zurich just a few weeks ago. A member of the research group led by Jérôme Faist, a professor at the Institute for Quantum Electronics, discovered the encrypted files one Friday morning and informed the ETH Professor about what had happened. Unknown parties had managed to encrypt no less than eight terabytes of data using ransomware, and the data affected contained the results of many years of research. "It would be just unimaginable for us to no longer have any access to this data", Faist contemplates in retrospect. Despite this, he never once considered yielding to the blackmailers’ demands.
Fortunately enough, it was not necessary in this case. Thanks to an automated backup from the previous night, the IT Services group at the Department of Physics was able to restore all the files within a few days, and without any loss of data. It was the perfect resolution. However, there is also one known case at ETH Zurich in which the victim paid the ransom.
Ongoing campaign
ETH Zurich is now launching its IT Security Initiative under the slogan "Protect your Brainwork", to promote the importance of IT security to the university’s staff and students. This initiative will be used to highlight a range of relevant issues over the coming years. The campaign forms part of the IT security policy that the Executive Board decided to implement back in early 2014.
The first part of the campaign will cover data security. "Most people have lost data at some point in the past, whether as the result of a computer crash or because they lost a USB drive," says Reto Gutmann, Director of IT Services at ETH Zurich. If this data is someone’s Master’s thesis or an upcoming presentation, then it makes the situation especially critical. The initiative provides information such as checklists that cover how individuals can best protect their data and what to do in the event of an emergency.
Over the next few months, the initiative will also cover subjects such as data manipulation and theft, as well as data management. The proper handling of data could spare many members of staff and students at ETH Zurich a considerable amount of trouble and frustration. Indeed, Professor Faist has now experienced this for himself. Thanks to that backup, he can laugh about his experience with the data blackmailers: "I didn’t have to worry about our data. Everything went exactly according to plan."