Ransomware cyber attack information

The request was refused by Lancaster University.

Dear Lancaster University,

Do you have any end point or anti-virus software installed on your network devices?

Has your organisation ever been the victim of a ransomware attack which meant that an external hacker encrypted a PC or device or network within your organisation and demanded payment in order to decrypt the device? Y/N

If Yes

How often have you experienced an attack in the last 12 months?

How much did the attacker demand as a ransom for each attack?

How did you respond:
a) We paid the ransom
b) Threw away the device
c) Used decrypter or other technology to regain the use of the encrypted device
c) Other (Please describe)

Did you notify the police? Y/N

If yes

What was their advice?

Yours faithfully,

Sarah Daniels

Lancaster University

Thank you for submitting a request for information from Lancaster
University under the Freedom of Information Act. Your request ID is: 1942.
Please quote this in all enquiries.
We will endeavour to respond to your request as soon as possible, and this
will be within a maximum of twenty working days from the working day
following receipt. If we do not hold the information you have requested,
we will confirm this to you.
If you have supplied an email address, contact will usually be via email,
otherwise, this will be by letter.
Should we require further clarification in order to respond to your
request, or if the request is chargeable, we will contact you. We
appreciate your patience while we deal with your request. If you have an
enquiry regarding your request, email: [email address]
The personal information you have supplied will be stored by Lancaster
University under the terms of the Data Protection Act 1998 and used to
process the request; it will be retained for a reasonable period.
Lancaster University ensures that only staff that have a business reason
to look at your information or data can do so. Lancaster University will
never sell personal information or data or share personal information or
data with third parties unrelated to the services we provide unless we are
required to do so by law or unless you have told us you consent to our
doing this.
Yours sincerely
Departmental Information Officer

Freedom of Information2,

 

Lancaster University

Lancaster LA1 4YW

United Kingdom

Telephone (01524) 65201

 

 

Dear Ms Daniels

 

I write further to your Freedom of Information request i.d. 1942 and give
below our response: 

 

‘Do you have any end point or anti-virus software installed on your
network devices?

 

Has your organisation ever been the victim of a ransomware attack which
meant that an external hacker encrypted a PC or device or network within
your organisation and demanded payment in order to decrypt the device? 
Y/N

 

If Yes

 

How often have you experienced an attack in the last 12 months?

 

How much did the attacker demand as a ransom for each attack?

 

How did you respond:

a) We paid the ransom

b) Threw away the device

c) Used decrypter or other technology to regain the use of the encrypted
device

c) Other (Please describe)

 

Did you notify the police? Y/N

 

If yes

 

What was their advice? ‘

 

I can confirm that Lancaster University takes a range of security measures
to protect its network, hardware and users. I am unable to provide any
details of this or to answer any of your further questions. Information
provided in response to FOI requests has to be assumed to be entering the
public domain. This would be likely to negatively impact our ability to
prevent or detect criminal attacks on our network. The information is
therefore exempt from disclosure under Section 31(1)(a) and 31(1)(b) of
the Freedom of Information Act relating to Law enforcement, and this email
acts as our refusal notice.

 

Regards

 

Compliance Team

Secretariat

 

Your request i.d. is: 1942. Please quote this in all enquiries.

The University aims to comply fully with its obligations under the Freedom
of Information Act 2000 and to ensure that the service it provides for
those wishing to gain access to information is helpful and effective. 

The personal information you have supplied will be used only to process
your request; some details will be retained for our records after the
request has been answered. This information will not be passed on to other
parties unrelated to the University unless we are required to do so by
law, or where it would be necessary to answer the request in full (in
which case we would seek your consent for any transfer).

Process for Making a Complaint

If you feel the service you have received does not meet our aims or your
expectations, please write to:

Head of Governance Services
University House
Lancaster University
Bailrigg
Lancaster
LA1 4YW

If, following our internal review, you are dissatisfied with the response
provided, you may write to the Information Commissioner’s Office, for
details visit [1]www.ico.org.uk.

Copyright notice

The information supplied in response to your request is the copyright of
Lancaster University and/or a third party or parties, and has been
supplied for your personal use only. You may not sell, resell or otherwise
use any information provided without prior agreement from the copyright
holder.

 

 

References

Visible links
1. http://www.ico.org.uk/