All employees at UMB can take simple actions to protect themselves online and recover their data in the event of a cyber incident. This week’s topic covers ransomware and simple steps that an individual or organization can take to improve their online safety.
What is ransomware?
Ransomware is essentially advanced malware whose mission is to take everything stored on your computer and encrypt it. After encrypting your information, the offender will offer to decrypt all of your content for a fee, thereby “ransoming” your data. Ransomware is particularly concerning to businesses, which are often asked to shell out thousands of dollars to obtain the decryption keys and which, in many cases, pay but never receive the information necessary to recover their files.
How can I protect myself and the University?
The No. 1 protection against ransomware is vigilance. Malware infections usually make their way onto a user’s computer through a phishing email that persuades the user to open a file or run a program. In addition to training, which the University will be providing in the coming months, anti-virus software is required for all University-owned computers, and we provide network monitoring and an intrusion prevention system (IPS) at the campus gateway to the internet and in front of all administrative servers (i.e., PeopleSoft and Banner).
Simple things like applying the principle of least privilege or removing admin rights from users’ computers can help stop the spread of malware throughout the University. Also, if your system contains business-critical data, it is important to regularly back it up to a removable drive that can be completely detached after the backup is complete.
What should I do if I am infected with ransomware?
If you think the infection is confined to a single machine at your home or at the University, you should immediately disconnect the infected machine from the network. This will help prevent further spread. In some cases, ransomware can be cleaned using software available from anti-virus and anti-malware vendors. In other cases, the user must decide if the content they have lost is worth the ransom and whether the risk of paying without receiving the unlock codes is acceptable.
It is important to determine exactly which ransomware infected the machine and how it was activated, so that it does not spread accidentally after the event has concluded. If you have questions about ransomware, please contact Security and Compliance at firstname.lastname@example.org.