While it is still being investigated, Bad Packets tweeted on June 3rd that the university had multiple servers that were vulnerable to CVE-2019-19781 between December 17, 2019 and January 11, 2020. It is very important to make sure systems are updated as soon as updates are available, because attackers are always looking to exploit outdated or unpatched systems. It is also advised that secure offline backups of important data are created—this reduces the need for ransoms to be paid and lessens the effect of the attack as a whole. Ransomware attacks often start with exploitation of an unpatched server or social engineering an employee to open a file to launch malware. The next step typically involves the ransomware operators stealing administrator account passwords and gaining control over Domain Controllers or other critical servers. Once attackers have control over the most critical servers and data files, they deploy ransomware using system automation tools to cause the maximum damage. Threat actors also typically steal copies of sensitive files before encrypting them for additional leverage over victims. The best defense is to detect intrusions in the earliest stages by monitoring for unusual behaviors on networks, workstations and servers, and responding to cut off attacker access before they gain control over critical servers.