What is it?
Ransomware is malicious software that infects a computer and then restricts the user’s access to their documents until a financial ransom is paid. There are many types of ransomware, but most begin with a phishing email that attempts to trick you into downloading or installing the ransomware, or that seeks your credentials so the attacker can install it. Some ransomware attacks begin with a phone call from someone posing as tech support, claiming that they detected a problem with your computer and need you to install software to help repair it. Once the ransomware is installed on your computer, it starts encrypting your files. More recently, some ransomware criminals have employed what is called ‘double extortion’, in which, along with encrypting your data, they also steal confidential files and threaten to make them public if you don’t pay the ransom.
We have seen ransoms anywhere from a few hundred dollars to hundreds of thousands of dollars, depending on the type of information that is being held or how many computers are infected.
Educational institutions have reported cases where faculty and researchers had to resort to backup files for terabytes of data because their computers were infected with ransomware, and in a few instances paid ransoms of half a million dollars to regain access to proprietary research data.
How do I defend myself?
The sensitivity and interconnectedness of information found at the University of Florida make it an attractive target. Patient health information, student data, research data, and intellectual property are parts of the everyday operations at both the university and hospital level. Protecting that data and information is our shared responsibility.
To begin with, learn how to spot and report phishing. Many ransomware attacks begin when someone clicks on a phishing message and either accidentally gives their credentials to the criminals or is tricked into installing the software.
Next, follow basic steps to protect your computer and your data. Some ransomware exploits vulnerabilities in your computer operating system (Windows or Mac), or applications on your computer, to install itself. Installing patches and updates is crucial to get the latest security fixes. Lastly, be sure to have backups of both your computer and your data, so that should the worst happen, you can recover without resorting to paying a ransom to cyber criminals.
See Protecting Your Computer for more information on how to patch and back up.
What if I think I have a ransomware infection?
- At the first sign of a ransomware infection, turn off - or even quickly unplug - your computer. You might be able to catch it before many files are encrypted and prevent further damage.
- Alert your unit's IT Support or the FSU Service Desk. For ransomware instances involving FSU computers, your unit's IT Support or the FSU Service Desk will engage the FSU Information Security and Privacy Office, and can get law enforcement involved if needed.
- Submit suspicious email messages to the FSU Information Security team:
  - Forward the message as an attachment to firstname.lastname@example.org.
- The FBI does not encourage paying a ransom to criminal actors. According to the 2020 IC3 Annual Report, “Paying a ransom may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Paying the ransom also does not guarantee that a victim’s files will be recovered.”
From: US-CERT; United States Computer Emergency Readiness Team
Link (lifewire.com - article - How to test a Suspicious Link):
Links to Online Utilities:
- Kaspersky VirusDesk Link Scanner: https://virusdesk.kaspersky.com