Widespread Ransomware Attack Targets Stanford University and University of California

5 min readApr 28, 2021


The authorities at the University of California and Stanford University have confirmed the news of a widespread ransomware attack that has targeted them.

The attack used a vulnerability in the third-party secure file transfer application Accellion. According to CBS, officials at the University of California have revealed that the attackers published online screenshots of personal information.

Further, it was reported that the medical school of Stanford University was targeted by this attack.

“Stanford University School of Medicine has learned that cyber criminals have claimed they have stolen some School of Medicine data as part of a cyber incident affecting a third-party file-sharing service, called File Transfer Appliance (FTA), provided by Accellion Inc. The breach was part of a larger national cyberattack on universities and organizations that use the Accellion FTA.”

“We are investigating this incident and we have reported the incident to law enforcement. We are working to determine whether individuals’ personal data has been affected, and we will notify any affected individuals.”

Furthermore, the University of California has also confirmed that they have received emails threatening to publish the data. In their view, this is being done to force them to pay the ransom.

According to an update, in this case, it has been found that this cyber attack affected 300 organizations which include universities, government institutions, and private companies.

Many other schools have reported cyber attacks recently. This list includes Yeshiva University, University of Maryland, University of Colorado, and the University of Miami. In the majority of these cases, personal data was stolen using the same method — exploitation of a vulnerability in the Accellion file transfer service.

Cyber Attacks Targeting Educational Institutions: A Rising Trend

As coronavirus has tightened its grip over the world, organizations have been forced to go virtual. This has its own advantages but it needs alertness and vigil for ensuring that organizations don’t lose chunks of information and money to cyber attacks.

Cyber criminals are looking for opportunities to take advantage of the lack of cyber security awareness and urgency of work. Video conferencing apps are spoofed and used for phishing attacks. Sometime back, there was news that cyber criminals have started impersonating popular videotelephony app Zoom for carrying out phishing attacks.

Furthermore, the University of California San Francisco admitted to having paid $1.14 million in Bitcoin to recover encrypted files after a ransomware attack in June 2020. This doesn’t end here. A 2020 poll that included 103 higher education institutions from the UK revealed the following details:

  1. 35 of these institutions admitted to suffering a ransomware attack in the preceding five years
  2. 25 institutions said they had not been attacked
  3. 43 institutions refused to answer

What Makes the Education Sector a Lucrative Target for Cyber Criminals

As educational institutions have almost negligible tolerance for disruption and delay in routine work, along with inadequate knowledge and measures, they end up being an attractive target for cyber attacks.

Apart from this, educational institutions store immense amounts of data of their staff and students. Any manipulation or theft of such data can bring down their whole system. Therefore, educational institutions become particularly vulnerable to ransomware attacks.

Cyber attacks on educational institutions can also be a part of attempts to disrupt or delay or terminate ongoing research on an important subject by an enemy country. As the importance of educational institutions grows, the threat of cyber attacks on them grows alongside.

Defending Against Cyber Attacks

With the rising incidents of cyber attacks on educational institutions, they are left with no options but to prepare a defense against these attacks. Any cyber security expert will tell you that anti-virus software is not an all-in-one solution to your cyber security problems. Ensuring a robust cyber security arrangement requires a multidirectional approach.

Mentioned below are some security measures that educational institutions can adopt in their efforts to save themselves from cyber threats:

  • Employee and Student Awareness
    Awareness often gets neglected when we think of cyber security awareness. But it often proves to be the basic foundational defense mechanism against cyber threats. For awareness of their employees and students, cyber security teams in educational institutions can use security awareness training tools like ThreatCop. ThreatCop uses simulation campaigns and a huge library of awareness content for imparting the users with the right and updated knowledge of cyber security.
  • Strong Password Policy
    Cyber security teams should make sure that everyone in their institution is using strong, difficult-to-guess passwords. A strong password reduces the chances of a breach or successful cyber attack by a great margin.
  • Using Multi-Factor Authentication
    Multi-Factor Authentication is necessary as it adds an extra layer of protection for your data. For this, SMS/Email Token Authentication can be implemented which uses One Time Password (OTP) for authentication. MFA, therefore, gives the user a second chance to protect their data after they have mistakenly given away their access credentials to a spoofed email or a spoofed website.
  • Phishing Incident Response Tools
    Phishing Incident Response Tools enable quick detection and response to a phishing attack. It has become more important now. A statistic from Dark Reading says that 91% of cyber attacks start with an email attack. Threat Alert Button (TAB) is one such phishing incident response tool.
  • Offline Data Backup
    Offline data backup becomes a savior especially in case of a ransomware attack. It can help in raising your threshold for paying a ransom to malicious actors for regaining access to your information. It is a smart tactic to back your data up in offline locations. Offline data backup can eventually make a huge difference in saving precious money for your organization.


As it can be seen from the recent ransomware incidents that involved Stanford University, the University of California, and many others, it’s become a necessity for educational institutions to adopt a proactive approach towards cyber security. Prevention rather than mitigation should be the way to go forward.

What would be your advice to educational institutions facing the risk of cyber attacks on securing their data and systems?




Threatcop is a cybersecurity company that provides security solutions to businesses to protect them against email-based attacks and social engineering attacks.